last executing test programs: 16.572174235s ago: executing program 0 (id=135): io_uring_setup(0x30d5, &(0x7f00000000c0)={0x0, 0x3709}) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) mount$bpf(0x0, &(0x7f0000000400)='./bus\x00', 0x0, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) mq_open(&(0x7f0000000480)='eth0\x00\xf1\x80{\xa8d\xba3\xcb\xae\x99\xe1\x14z\xd3\xe4\x80\xa2\xbc\xdd\xb8\xed\xe9\xa34s\xa6R(\x12\x91i\xeb\x1f\xd1\x8d\xb6\x9a|\xf2\xa6e\x02\x98\x88x\x8b\x85#v#\xf0/\x84\x7f_\x05\xcd9\xe1aRK\xd9\xc5\x99|\xcd\a\x17\xd1\xd2\a\xab\xd2\xd2b\xa9\xf7d%$\xc0\xa6vBK\x9f\x1c\x19s\xa5}|Q\xd5\xe6%!g\xad1M\xa0j\xa2x\a\x14T\xe6t\xa2v\xc3n\x93\\\xcc\x96\x00\xe4\x1f\x94\xac\xb5\xd6\xe5\xccm\x95\xa8R\x00r\x8fg\x9b\xc0\xc3\x15\xd0XB\xf1\xf2>~\x9dmQ\xae\xbe\xca\x1c\xdeQ\xc6\x1e\x12&\x9f\xbe\\?\x99\x18E\xe0\xd7\xf1^.S\xc4\x8f8{IY\vVsw_@P\x99\xd70\xad\xa4\xfd\x04\x7f>h\x8b\xd1q\xb9\x95\xef\xd0\'\xef\xb6\r\x9b\xd7\x1b\x0e\xa2\xcc\xc2\xe5\xce\xcb\xc3`b\xdc\xad\x9d\xf0.\b\xa5\xdfg8\x01\x92,\xb9\'+\x02Uc\xacI{R&\xb0\xd4\xe6\xecr\xfd\x94w', 0x42, 0x0, 0x0) 15.603862248s ago: executing program 0 (id=137): openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x200, 0x13) openat(r0, &(0x7f0000000080)='./file0/file0\x00', 0x12d502, 0x152) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d2, &(0x7f0000000100)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}], 0x1, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x7, 0x1000, &(0x7f0000000240)=""/4096}, 0x80) syz_emit_ethernet(0x46, &(0x7f0000000740)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x3, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @loopback}, "1400000023000000"}}}}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000019640)={'ip_vti0\x00', &(0x7f0000000140)={'gre0\x00', r2, 0x1, 0x8, 0xff, 0x6, {{0x8, 0x4, 0x3, 0x1, 0x20, 0x67, 0x0, 0x1, 0x2f, 0x0, @rand_addr=0x64010100, @broadcast, {[@lsrr={0x83, 0xb, 0x8c, [@private=0xa010102, @private=0xa010100]}, @end]}}}}}) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map, r5}, 0x10) r6 = fsopen(&(0x7f0000000040)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000002600bdab"], 0x2c}}, 0x0) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x11, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x376, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0180c2000000bbbbbbbbbbbb86dd6003000003403afffe8000000000000000000000000000bbff020000000000000000000000000001860090780000100000ff000000000000000aa78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502000100000500006d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd074bb558d29ad70e5edec3debed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea0312681afef486491b7202167edb92f7c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4e7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd577ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000000b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a82689483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0031907b8a3e10000a3e10300000009000000ffff00000000600000ff0bc0fe000000000000ff0000000000d9a02744000000000000000000000000113f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083dfa9251a93e70e78fb611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc3e676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b00"/912], 0x0) 11.450436656s ago: executing program 0 (id=141): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x0) 9.381097843s ago: executing program 0 (id=144): setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYRESHEX], 0x8) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100004e20502500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r2}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000140)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x7f) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x8, 0x0, 0x0, @dev, @local, {[@routing={0x0, 0x0, 0x0, 0x3}]}}}}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mlock(&(0x7f00002bf000/0x4000)=nil, 0x4000) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc04c560f, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mptcp_buf(r6, 0x11c, 0x3, &(0x7f0000000040)=""/175, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in6=@private0, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0x80, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {0x0, 0x0, 0x6, 0x800000000000002}, 0x0, 0x6e6bc0, 0x1}, {{@in6=@remote}, 0x0, @in6=@loopback, 0x0, 0x1, 0x0, 0x8}}, 0xe4) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000004800011d00000000000000000afe80ff", @ANYRES32=0x0, @ANYBLOB="000000001400010000000000000000000000000000000001080002"], 0x38}}, 0x0) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)={0x14, r8, 0x301, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x30, r10, 0x205, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private}]}]}, 0x30}}, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)={0x70, r10, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x200}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x881) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x18, {r1, 0xffffffffffffffff}}]}, 0x28}}, 0x0) 8.393657923s ago: executing program 0 (id=148): socket$nl_route(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) munlockall() read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = getpid() process_vm_readv(r1, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000880)=@newtaction={0x14, 0x30, 0x53b, 0x0, 0x0, {0x9}}, 0x14}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) rt_sigpending(0x0, 0x1000000) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000240)={0x0, 0x0, 0x2, 0x0, 0x0, [], [0x0, 0xfffffffd, 0x1000000], [0x0, 0x2, 0x2, 0x80000000], [0x0, 0x0, 0x5]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xe, 0x4, 0x4, 0x8}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x2, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x0, 0x2, 0x0, r5, 0x0, 0x0, 0x0, 0x5f5e0ff}, @jmp={0x5, 0x0, 0x8, 0xb, 0x9, 0xffffffffffffffe0, 0xfffffffffffffffc}]}, &(0x7f0000000000)='GPL\x00', 0xc, 0xe3, &(0x7f0000000680)=""/227}, 0x90) read$watch_queue(0xffffffffffffffff, &(0x7f0000000b00)=""/4096, 0x1000) r6 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$UHID_CREATE(r6, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000000040341a02080000000000010902"], 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) write$UHID_DESTROY(r6, &(0x7f0000000040), 0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f0000000800)) 6.966280688s ago: executing program 2 (id=150): r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, &(0x7f0000000140)={0x0, 0x0}) r5 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) r6 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r6, 0x0) fallocate(r5, 0x0, 0x0, 0x1000f4) r7 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) ftruncate(r7, 0x9e5d) r8 = syz_open_procfs(r4, &(0x7f0000000600)='fd/4\x00') open_by_handle_at(r8, &(0x7f0000000100)=ANY=[@ANYBLOB="0c000000010000000b", @ANYRES16=r1], 0x9e0a) unshare(0x20000400) r9 = socket(0x15, 0x5, 0x0) connect$l2tp6(r9, 0x0, 0x0) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)={0x1c, r10, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x92}]}, 0x1c}}, 0x0) 6.56104661s ago: executing program 2 (id=151): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x1000000, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}}}, 0x108) 6.234057738s ago: executing program 2 (id=152): socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_tcp_int(r2, 0x6, 0x19, 0xffffffffffffffff, &(0x7f0000000040)) close(r1) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) socket$tipc(0x1e, 0x0, 0x0) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000001c0)={0x42, 0x4}, 0x10) r5 = syz_io_uring_setup(0x3357, &(0x7f0000000080)={0x0, 0x0, 0x20, 0x1, 0xffffffde}, &(0x7f0000000300), &(0x7f0000000100)) close(r5) syz_io_uring_setup(0x231, &(0x7f0000000600)={0x0, 0xe740, 0x80, 0x0, 0x11f}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_io_uring_submit(r6, r7, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = socket$inet(0xa, 0x801, 0x84) connect$inet(r10, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r10, 0x10008) r11 = accept4(r10, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r11, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x9}, &(0x7f0000000240)=0x8) sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0) 5.755974059s ago: executing program 1 (id=154): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x0) 5.411135824s ago: executing program 1 (id=157): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x21, 0x4, 0x8, 0xfffff9e9}, 0x48) 5.139196242s ago: executing program 1 (id=158): setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000000)=ANY=[@ANYRESHEX], 0x8) r0 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100004e20502500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r2}, 0x10) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r5, &(0x7f0000000140)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}, {0x0}], 0x2, 0x0, 0x7f) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "fca33f", 0x8, 0x0, 0x0, @dev, @local, {[@routing={0x0, 0x0, 0x0, 0x3}]}}}}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) mlock(&(0x7f00002bf000/0x4000)=nil, 0x4000) bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc04c560f, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) getsockopt$inet_mptcp_buf(r6, 0x11c, 0x3, &(0x7f0000000040)=""/175, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in6=@private0, 0x0, 0x7, 0x0, 0x0, 0x2, 0x0, 0x80, 0x2c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, {0x0, 0x0, 0x6, 0x800000000000002}, 0x0, 0x6e6bc0, 0x1}, {{@in6=@remote}, 0x0, @in6=@loopback, 0x0, 0x1, 0x0, 0x8}}, 0xe4) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000004800011d00000000000000000afe80ff", @ANYRES32=0x0, @ANYBLOB="000000001400010000000000000000000000000000000001080002"], 0x38}}, 0x0) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)={0x14, r8, 0x301, 0x0, 0x0, {0x2b}}, 0x14}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x30, r10, 0x205, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_IF_IDX={0x8}, @MPTCP_PM_ADDR_ATTR_PORT={0x6}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private}]}]}, 0x30}}, 0x0) sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r4, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)={0x70, r10, 0x4, 0x70bd26, 0x25dfdbfc, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}]}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x200}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x1}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x4}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x2}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x7}]}, 0x70}, 0x1, 0x0, 0x0, 0x4}, 0x881) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x0, 0x0, {}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x18, {r1, 0xffffffffffffffff}}]}, 0x28}}, 0x0) 4.759586691s ago: executing program 3 (id=160): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'IDLETIMER\x00'}, &(0x7f0000000240)=0x1e) 4.583557155s ago: executing program 3 (id=161): sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[], 0x1c}}, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYRES64=r2], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0xb) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r4 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) ioctl$VIDIOC_S_SELECTION(r4, 0xc0405668, &(0x7f0000000000)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) 4.57652365s ago: executing program 4 (id=162): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x3}) ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f00000005c0)=[{}, {}, {}], 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000880)=[{}, {}, {}, {}, {}, {}, {}, {}, {}]}) listen(0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES16], 0x40}}, 0x0) sendto$inet(r1, 0x0, 0x0, 0x2000077d, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) epoll_create1(0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000180), 0x88141, 0x0) r2 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x0, 0x0) fchdir(r2) r3 = open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x105) getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8) timerfd_create(0x0, 0x0) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 3.552205033s ago: executing program 0 (id=163): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000002400)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000002c0), 0x0, &(0x7f0000000580)=[@rights={{0x14, 0x1, 0x1, [r1]}}, @rights={{0x18, 0x1, 0x1, [r1, r2]}}, @rights={{0x24, 0x1, 0x1, [r1, r0, r2, r2, r0]}}, @rights={{0x34, 0x1, 0x1, [r1, r1, r2, r0, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2]}}], 0x90, 0x10}}, {{&(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000640)="0ecc11d35c43e990c176edecb8770b4c71da62442a27cb677e09bf8ed395fa6328e944366fc67df54011072b0e3e67b3f6be6ac8bd3e5de431d317e924049dff86a94d3e29a67d46b243609cbbc7ca1aff9fb21765eb8801125f44eef71d002221a3ad1df60f49ddc7476a9bd9e233ddef97427aa34169e24d1396bb5c6da74bb3f5d296caefb0ae915518c0046f717dc9cbff9e6599d4c33934", 0x9a}, {&(0x7f0000000700)="324be4f5ebc71775f26ec328151c52682a46da1a613f22d991d856677f81b22c50ab42e5396df81d340764b8f81963cae8e6abf27bfd58c94dcb8d716b05d9f90c74495b0c965c53d491915707c72d2bd5a6ed79a51ac9883b1c2340c3139b6d538db67b38cbb94df744c1c2928e25d165990d6d22b0ef87547d18a7a429de6758e8acbf6afe3e8f898dd85d2924decd808bce2b3cdc2aa90223d486e5c56b05266e6857b543f4de100153b2516db02754b0c2b30c19faee2497b00ee23142b72f8243ecc80b46eaeedf5387fe5077176cfe6c7d1d2689f91bfe0a69828c976fac4f804dadc3e63771", 0xe9}, {&(0x7f0000000c00)="b538bb5061e58c21eafd24f4573b2f3bdbf3451e945f4a353a026856ae7d154fabcd0d4489e4d73d5bb711b39f7581b3ec35dfcd37f745ff1b2b586f56af77e4ba462af3f5a13e24f7fe96fa97ef2890be5ba4b98f691d65cd7da45c076c9b1c8c0a948bf231fa6af5e2a33a3165e03a8d7debe4fca2e8ce34e736f940ef9410bafd736a98c047f7b8d75f28d6f7893ae9c86ed795a922c028885cac05a32ebdd07351a3d18a6d7550de844602604cd1a8cd9b5290bfe85ff06639f19d9581ea264d1b4db1c7478b0a705ef999ebf4216385ccf319eebf8ec5df763dd7b55827fbcfe9b9c37bf41e4f0c356db6565d5d468d230d12cf2656c153965077113f1b71ae9ad5d760463eb77681249556f206799f5cc0ed606c356e2826ca729ded739c78ae0de9ae5ee9e8526854dfb09075949ac42a45ac067aea78ad21fc7d3dc81d880fc10015e6dd4296cf99d839fc8b7b76a2989b415434f78dc886aa45807da97f5f132a0d32e9646ce23e30cba6cfc32ef4c6d6d727e5320d5896a8f48df556dfe6152bd6bc4a0d56c1c7d2975613926d2ac416daa58164b1f5942f3ab082534c9256be419b9ebd8152a97892159ac2aa6c5e171ae5790cac3159d794b85498d6f970f87e398e79b9ee750ec1d544fdc2ba6eda68438057c3bd553d5aae87b08856318c275ce13eb566cbbbef5dfc50d93642a1703b5f1d8d9cbefa8fb38681255aa498e1fa6333ecfc99734b9825e1dcb3c1443fb7fb82ab549125e80843742ac7b170af13794f68164b6123abd0a4de30de902d9b27f42e3d563432378fc60bb23129b22923a17472c92007e6bf55b5f8bb11806294a028ce415a0c9ab1c336c6037e27623e311b821fc1da815c71ee9ef47275426deccdc291bc461a529dd0727dabae14829c43c1f80b29a87a2b36ac1d0c70d6d87665c51876497b1059bd601f6554ff9c7ffbab8c8358ca6fddf70522bfdba6681b62dd5a1613aea1a556355f8f1185db5cafe763beb8ce45d183baf612e14c6d76afb22e64a2d29042702d532e225ffc58b6ec934dc79598501e60ecdaaee7856a9a616b6eeaac2e6fa27c08cc0fe68b3ea1d39e1f47605b541d77eb638140ebc96cde9a2ef436bf72fc2965898ccbc16be0a5ee7d1a0a6bc8401de19f2f3dd958c5a6ee01ba4aa69f8e98f35a854beb332a9bf3ac92907e1dea18c5005008ea7638c5e9db5f23586ef08bcf1c57bf1a0a214c63974d13135120f6b364eb5dd06758e5f4bdaf4d1dd41ffc87a3d15e2bbf5421a2414dbcaeec62fbb82ab129fefa4a64be7548f2c5033af8ad32f34e196e46fe9e5172d5f787fc56fc60b988f62a488156d104d573ee3d0b302ff2c50bd4fda10e25bce371d0991d0c36b7f7b7e8b5468f584cad2525b799e6cccf2b5ac4387784c5bab564fd6c34432ed4a4c4ad4d4a1bcdfd49e9e4e3741e2d764ca506bc44d9fd84846fd8dc009423b289f23870fbab33d89bf9324d8e706a9d10b9a4b8e2ec5c043933812d6b04cdcc0d22852836e2482ca2baf41f72a908fc107c8ebf9161de5eb69b80d6d0396495e46878d0e99683601812a3788eb1a6fbb33bd773d139357384053421b1d00fd35341c65fb3724ba090873d18d267637864ac397da447186880f2fc05fe8cb43ff85359fcab56d478dc82ba9f93256a53d4ca736c1485c55c08477bfbf6092e9587ee413c8759abec24992d4dffd523c3f7ba11ad684331536046628c317da5725fb1d8978e5e553f0e80424317c9ba4a3994fba9ad51b900c6d85bd2d5a556a3a7a1bf8a50edce41cb0f225e8c99972d7124bf59d9cd73976d27e0e90534fad4df6808e3165aecac2529c60e3b90a6a88de5a21fd3b963021d6d7ded43a151b70b866957e7468e2e957ba4ae819a262dc866d871bc83a9dec4f2d8550c4d58f0817b17ef2a004c8a8d263dfcde9d494a21230a4c6f08dde4bc6d2f1b63f232e6e67da7b50eff2e6b32f7015e873a5dda95be226b4d308d550c59c85bfa7297a051bd72e06ba601630e208195f95811002a2b7df5f058e865f6f96dd3649475723d4b023856f0e4e9b5763806cb1261edaf92108e9f1fa6beff76ba240164c081935e13f7a225f37f7135665e14d54e039d1e05fa39d0ab11eefbe33efb417ae34934df6068239aacc6c91353800898a5bc15e7be29a160a438520b785aed5220249c6c41afabd2490b5b64ec1a3527bfdfb465a9f23b16d01df5c3e41a71479d60759be8af2b061027432516d310707d11cfbee0dcac01449392e7d8f1af6ecaf175b3238c8981f2c7a8d54d7339c3a59587375bc82884d0fa65033e91014fd23c599305f7a2e079ddeebbbd8bce8f43a08b3589a16a04679fb4246d6255066bfc1ae7584d955c301001793a05026ea81cdf7c04414904b8fe8ff652cf5deef668a2fc668c73b801779a71fc840a8f28ad15bed4728b6369eee998e9d7dbe6b42f75f1c301eabf37453d8e8c8c64dc252dcddcb73eba8e73716d3b65eac9144656f61bb1500e488794a99a776365944faebca1f3e52d80a3f341c50a5dae9d2093fe516f17d48d843d669f0b4d7eb04adb3549d585e1fe33906de89669c0a78770b84bf408477b24506038daadd5bb81325b1f4839682ccce98316fabb2ab4171fd05a0fceabeecc53b5f1737289dce0eeb0ce8df10021ee1aa892db826d0ea20d9d6b4eb5b5d4a9fac1743ece37aadcb8de7966bf5ba4fee65adcff5edd859aca09e21cd0309999e34362a6078882ced1d58ba3dcf7732123e95685875df3ef2333cfa6048dd492df3b8bd5ef18a70f1972ef6b6f6a57756ea6b5d5eeb7f176a555cacdd3a0f69661f0481f2434b57b7252e13ef48f40cb910d9989fe23052de2a0ad485d401d9c93f20334befbc93e72d4ec0b0938733f81017cfe0bd8d7d29ab1f5f7e3ca1635192b48911dbe9c4db3a48df08fbd938dfbf88ba16f0eff44a9ee2debfa78606f69f7ccfd6bb8c445a676b285c4b3596a1f349e331c27b904b511bc876cd414f296fdd6960254cf712d078f84b12e4f271e5e2e4b60c5aa007c5bf27e39c3492d4a7f94ad10aa2ded5673475e8acc85f29fbda58eaf15d50a5253c62892c56ccc420b70af10cf5b966a88eabfc9d1742c2ccb1b54557653734485f8182d5dea3bc9f836cabf4b0388775b8f98cf885ecff8e27a1dd73eeae469ac78e60e4fe33564296441a37efa9101dbdf6b37d808954a865daa742b9fb1955aab2ed451bf50cc0a489e8b6dcb210d5ea4ef9262f81b2b8a44d291acf232e16e3a787fc239eadaf2fd00099b0185e7598567824734051eb215206c0373ccc2a4678fdb4ef4d8cb898517054b332d1186a56ca588ebd2dda45cb6c67fff1b3bc12703930d3aed13baab0199b07667c15704a1b5ec7708345c073445a075626f7f77a6593fb38d8ebe6a7bca110f8536c530775f37f6da9a3216fd6db8319da5a2674fa506f1d652d89752646b970766729c0090bf92554f58062cd9c4e67a67c598b86ab89ec7e21d3e8dde325742241212e9184f4b04e35cd4b938cdee1026e2a9444da33258906c204854821ba2c3e2133842b24eca8f4029c21e2818c49ae3f8af9bd072ebd9ad2c6533f6f9718721fd87264872e23a2390d0fc7e5cee55dc05a87d66f4d757b76034ea39bc0ba4d0daa9e2d737a8918fc8ecb8fa11a6dab226590779de95f567d13954217ee51fa3e35b1e1c1a86e66512833b0a7915cdbece03acc3257fc5e0d81ab290be71ef28cd313b074cbcef90b9b6d971831119b64ee86ccc2191347ded24f3e1ed2807fd700664ecccae86195fd989c955b97364b02befc0a75fd1662f81b631fdd71458272b03ff70110af00cb37a1d704c1922f908d5a5b1285326ef0881a8351481f64949e6badfbc2610699f538932d39d16904bad627c95847709e56365bb45846e403311d395d21535fbd05e2a8d6df6890aa6fdae7e91d600ef399179bf834d85a3c18110fd9eb6f40281dc876a3df67f392be510833bdb71ed501cff07d349e474d431db36ecbad1d43772d41d25b81db7e8f9c50c9bd2f5d16b6ab28b1282ba1d5e310f0f281b52114664f4d31340cad2b8acde6de7902e039ef0062c867372ae6065a5df51090ab269c7a4c2a0e029a04df375f226afed91c251daf66b6b9f1dd12fa0d14043499d592766aeafcd6e8c4b5559c598380b316525bcf6664019d056b3db9285032d1df601b54c39983b5bbb383ded84cbb6f2a564f18531a41ec4aff54dade6845a5a34a8f60ba593f89da28899486d7b918c33b1630e6999cd8ef083a33c16c89a75769d940260e8ebbee63902aae8aaad885f3cf531f3df928a9b659004ceeadc2cc8fe78f42648e53d0d7a1fd8dfbcf582e1b333c98f500869527a30146797b02a251d0a102eb6f329c2786334c659da1a29b98d77e007cc55f99b48909bdbfbb8f094837726f67a6ab92ea4fbe8d647b7453d5e655b353d52f8001ec1a70a21ffff1d4df58162791a2bc75a7d3609693e9da383b06770bad382242a1d83b677da49bd6381d11d91f8254b0e36c6a71583f27ba64ccd53b0caab676fdfabfd4b8e6c6f9ed2c4250e1c7d19d95b5766dc47d086c0273b61666c96c285fadd14846dcb16e8039ee7f206307c16dee164727f4d16951f12a203ff018e5548ce87db6a15fd061c82ce49f97eb12b030d7df81c2ba79b6b16b81017c1e5aa13b5d8b761037cac424a16d99b5f4017b957f4d9e5ad71338d761d912f23c859dcffef2695d56be60666a6e15416b4f6c699dea0958e8ad950949cf7273a950e354afc54ab785346fb6e6a127253a71ad9669bca354a6a5306c4ab993cebc92b42b1ddd9c993cca89c5bda6e693709845a9c18f7711bff25213e66d74e4c07fd463708dea1b172c0a8688427a2cd4830c5f07887e344fc4975048b3bef2a355b375119b95ce8e74fba8c9826687789d5576fda01ea7f729c244636d46f8123f82b646119450f754960086502b3600cb4aca9caa547bfa60d536e3d05c436d14e56222b02cca7b3c445ec812f4f545a53ee80d9b84090d2f46d5d9b9fa0ad5943b0073b9bef1ee1f3d5045214cb50ffd32edf6bcb5dc6f401dee668da8990adedfe3eb14e0d8ea47cd9206fba34b7bd10c758907b5a46397a509f3434d2d8baf10d8f33531733228d3939805add603d40f6e0f785b3e76e853adb01f5add8e3abe8c343c89333c35e7a4faae9a7b60aa20bffa660bb7dc79537ed6444c0e3681eebf24d431d8f261053d7328f99c6b03bc49f1223075b3feaa1b034d9213d15d8cca1eb317877c873706b7ff5f41ece30440d99d1fe9a474daaefcaeb1f69964a7c6191d90107cd681d87bf51ff36dba12f35cea0b6e99225b0d1c23884d78a2a386220a5ef052228de70ff362a0f440815fe38aef5484dff92999d4bdab7c439ffebcc6825b02ea5b8936bb81cba86b49b17e3836c75de092e366bbfaa8ed6f9b04364d89773aef79fc6d96f0b05a68bce63b0319c2424c38f7c246ebbc30c06de4e33fb91574c56fc1ee92db28303bdff8b874f7fbece8ea4f249981bc30b50f5cf9759882f94b0d051b49c55edf09c03dc9d2875046750d497e1d90d6f10e7a1fa253b362663cdfcddceb95b75da2fb7ca93e2d1a76876a4efce59c92fd5e685c1f4be9b5ba23a580cc2a72cc957ef3f686c207be2cbcf381c05bce1be4a11e221e76265cb42e4a9855d332228eef0e7945903f4002deea6835e0d9d063422d93813705128aa3a8e34f96505cd08501ab1ea03", 0x1000}], 0x3, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xffffffffffffffff, 0xee01}}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee01}}}], 0x80, 0x10}}, {{0x0, 0x0, &(0x7f0000001e80)=[{&(0x7f0000001c00)="99d77178e744139f5ef427b7079c194fdea31bd475fdcd09765bb6e0314e5f88644c14cc6b9aeff0e06b01d9cb9b07fab97f275fe8a2596703c3682270e67ef67085bbe3e5da323690003d1724f4d2e9e421f29b79375b89c268ffff8711226abcc42c2c659a34d0b03a6e618985ded1a68bc0dc062921d84ba48108c61adc5bfa8db20b3f914b61005d4a5dc439cb31639673cf5545ec733c22c75d26f7cc69a572", 0xa2}, {&(0x7f0000000b40)="514aec895ba008edc57669a195fb5a48cedc7d802148cf69cc7a15a61522260074f1fbb8414367d1f75fff4452443bf7dcbfb8b7226215bc299d8220", 0x3c}, {&(0x7f0000001cc0)="175d2ddb3fd771559c30050598a016d8ded40fe30187f4cbc94e39719bbacc16f62fef9405883041381c5ab97472d9d88b90bf6ce413c13febcf5ca6c68c8967fa011b67f446d42dbda2876bf9aa8c7c4e0f45f629952567e6ea2defb24068032f4836cb815cf3e0f059400f5c6c633fa8cf6eda5f7fbfb1bdeb84f8724367e5bf818aed7e5dfa6e2a553de8256165f80c058f636f2d74303de81eba36d88488aa61b7e5fa31dedd9eb9336a9a5531f26c", 0xb1}, {&(0x7f0000001d80)="bfeefbd563626f5e4641cd0b685b866a438844b30dc025e9413ca27536ec4413d28e0684ebe91699f51909cf7343872a8e7dd467ad57934327878370a53c7ff443b6fcf8fc7289c41cd5b8a7292b36436cc33aa5a5c078eacc3de45648df407a94c92335414c35cf2cb09b7a899b545c54fa6a3ce3b72f5ca331b34558c9dde4ccdb11343c574d58cd26a286c6cd669ae10a1290fd813daf11cf7d2e993d19d47b2da7d15d663f1e36a94dfa824d3d8d1a4f7821da33a65593f6d39df3c30864ede0f2cf0944fcd9e7cde44a83bc", 0xce}], 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="1c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32=r1, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=r2, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32=r1, @ANYRES32=r0], 0xd8, 0x8b10c00fd48e263d}}, {{0x0, 0x0, &(0x7f0000002340)=[{&(0x7f0000002140)="fcacb8e4be2e69f3a093be2e4cf4aa8b7a65ec54d171e49495ddafb032d585c44cd1deb1675d85523412872a43aa3dddf415d3110ce80900c0d3dc947106cfb5b78061caeeb54e8ca9e92dac5e8d23108be06c166d2f9203dc983eb6d69d916953be1311f378790afc8beafe18cd7a0318a90e708a4da8163bbb3a33f932a8abd15a416e77d8855e595d5c500a60e7c45ff18831", 0x94}, {&(0x7f0000002200)="9b73d031cc86f90eb049e8532a51dd04d4400109fe0959e9e685d47c3b830adcbe7748192223d824d8b0518acb4c8793e0014c6c6be57f26e8170ad503ebb72f3ac892ee108913ac10a9a5ef8066fd424f7366bee1ac0194124eaf790f7a355656d1f775c58f796241ea8d37d9e415f81df824cbef61be6cfa85574d713e567a4ba07e634f8f7adf36ebfba78bb8c61b91710a5743dd4d2bd9ade8a20bdb06e0e9bb5848c28d2f06bbb386d116f86b73a299bbe48272d3232445a53139b9564b1e7678bcd15de9f3ad60e58b3a93f5547f5949bed580afb01fda5d2f94125f7bbaf94e742302d5016f1366211e511112d4f4998c8e5d202314f8", 0xfa}, {&(0x7f0000002300)="70be3ae2ca7349cf9aee2b92c352dbe0327e378ce037d5a3eecf6ab9", 0x1c}], 0x3, &(0x7f0000002380)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff}}}, @cred={{0x1c}}], 0x40, 0x4000000}}], 0x4, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x5, 0x79, 0x7, 0x20000004}, 0x48) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000000000040341a020800000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "4ee6fa", 0x8, 0x0, 0x0, @dev, @mcast2, {[@dstopts={0x89}]}}}}}, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x6000, 0x0) faccessat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x2) syz_usb_control_io$hid(r6, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "d32052f2"}]}}, 0x0}, 0x0) r7 = syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_control_io(r6, 0x0, 0x0) ioctl$HIDIOCGFEATURE(r7, 0xc040480c, &(0x7f0000000b80)={0x0, "80e21d3f6c946c4b77ca1ec78558619c83df381ea2e6acaaedabfbe5f9695fd2d5e3b1577598bb5b0f3bc3bccd35091df07c0d5633c59fc830306b2e5454126f"}) getsockopt$llc_int(r5, 0x10c, 0x6, &(0x7f0000000140), &(0x7f00000001c0)=0x4) close(0x3) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0x5, 0x1}}}, 0x24}}, 0x0) r11 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000002c0)='tlb_flush\x00', r11}, 0x10) syz_clone(0x1800, 0x0, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000200)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x3) 3.52827714s ago: executing program 1 (id=164): openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x200, 0x13) openat(r0, &(0x7f0000000080)='./file0/file0\x00', 0x12d502, 0x152) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r1, 0x800452d2, &(0x7f0000000100)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan0\x00', 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}], 0x1, 0x0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0x0, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x7, 0x1000, &(0x7f0000000240)=""/4096}, 0x80) syz_emit_ethernet(0x46, &(0x7f0000000740)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x3, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @loopback}, "1400000023000000"}}}}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000019640)={'ip_vti0\x00', &(0x7f0000000140)={'gre0\x00', r2, 0x1, 0x8, 0xff, 0x6, {{0x8, 0x4, 0x3, 0x1, 0x20, 0x67, 0x0, 0x1, 0x2f, 0x0, @rand_addr=0x64010100, @broadcast, {[@lsrr={0x83, 0xb, 0x8c, [@private=0xa010102, @private=0xa010100]}, @end]}}}}}) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map, r5}, 0x10) r6 = fsopen(&(0x7f0000000040)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000100)=ANY=[@ANYBLOB="2c0000002600bdab"], 0x2c}}, 0x0) sendmsg$SMC_PNETID_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10) recvmmsg(r7, &(0x7f0000004340)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x51}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1}}], 0x2, 0x0, 0x0) syz_emit_ethernet(0x376, &(0x7f0000000ac0)=ANY=[@ANYBLOB="0180c2000000bbbbbbbbbbbb86dd6003000003403afffe8000000000000000000000000000bbff020000000000000000000000000001860090780000100000ff000000000000000aa78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502000100000500006d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd074bb558d29ad70e5edec3debed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978001d06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea0312681afef486491b7202167edb92f7c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4e7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd577ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000000b17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a82689483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f0031907b8a3e10000a3e10300000009000000ffff00000000600000ff0bc0fe000000000000ff0000000000d9a02744000000000000000000000000113f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083dfa9251a93e70e78fb611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc3e676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b00"/912], 0x0) 3.263261697s ago: executing program 4 (id=165): r0 = socket(0x200000000000011, 0x2, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000140)=ANY=[@ANYBLOB="1000000012140100000000000000d573659173af477c807c6317ae0000"], 0x10}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000040)={@default, @bcast, @null, 0x5, 0x8000, 0x7, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @null, @null, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) r2 = socket$inet(0x2, 0x2, 0x0) tee(r2, r2, 0x7, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0) read$proc_mixer(r4, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x5, 0x8000}, 0x48) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)=ANY=[@ANYBLOB="9febb57a4f270000000000003400000034000000060000000400000000000007000000800000000000000001050000001000000000000000010000850000000000000000020000000000000100ea0000da00"], &(0x7f0000000340)=""/142, 0x52, 0x35b, 0x1}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.freeze\x00', 0x275a, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xe) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18}, '\x00'}) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCGFLAGS1(r6, 0x40047452, &(0x7f0000000100)) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x8, 0x55, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x90) setsockopt$ALG_SET_AEAD_AUTHSIZE(r3, 0x117, 0x5, 0x0, 0xe8d500000000) socket$nl_crypto(0x10, 0x3, 0x15) socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=0x0) sched_setscheduler(r7, 0x1, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 3.178511725s ago: executing program 2 (id=166): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x17, 0x0, 0x57, 0x7ffc, 0x1001}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = syz_clone(0x2001300, &(0x7f00000003c0)="ad2956220db6e5428c7c3abf644bcf6dce499bb183d9cd5f873eb73f050044dffc656f1fe511158814772fb574fd5451039014bb6ab069512d7f042c367c92abccdd02a5d7dc3b18664637099b36d0c73b307bb97350914f06f1c326383c218f4281d6d0a7c8b2bb8c8b3435511593b09b61f9b9e343bb413b04d34d6e", 0x7d, 0x0, 0x0, 0x0) syz_open_procfs(r2, &(0x7f00000001c0)='environ\x00') (async) syz_open_procfs(r2, &(0x7f00000001c0)='environ\x00') bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90) r3 = socket$tipc(0x1e, 0x5, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x1a, 0x3ff, 0x100, 0x0, 0x0, r0, 0x80000000, '\x00', 0x0, r1, 0x5, 0x5, 0x5}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) (async) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r6, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) close(r3) (async) close(r3) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000008c0)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="0000000000000000b7010000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008080000b704000000000000850000005878c4c043748423281c35e9ffd003a53f9d48777f89e417d92539e4430717a9b4137835401448fb7663cfc094aa264ee8605958ef7ea73ea2ae94e345b515791de6638d21ccb668a2c8af339da8c7b2bb7ba3258d6585a125e69dda6b403766054b28a38368715fd41b77454ab358ad70a850ac380a8e70e00d8734e272301f7323645c29136d8705e97732e061626fb80489a4"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x90) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000008c0)=ANY=[@ANYRESDEC=0x0, @ANYBLOB="0000000000000000b7010000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008080000b704000000000000850000005878c4c043748423281c35e9ffd003a53f9d48777f89e417d92539e4430717a9b4137835401448fb7663cfc094aa264ee8605958ef7ea73ea2ae94e345b515791de6638d21ccb668a2c8af339da8c7b2bb7ba3258d6585a125e69dda6b403766054b28a38368715fd41b77454ab358ad70a850ac380a8e70e00d8734e272301f7323645c29136d8705e97732e061626fb80489a4"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb}, 0x90) syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) (async) r7 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) (async) r8 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$USBDEVFS_SUBMITURB(r9, 0x8038550a, &(0x7f0000000140)=@urb_type_interrupt={0x1, {0xc}, 0x7, 0xa5, &(0x7f0000000200)="22f68c84829e18e31b2ad7794d", 0xd, 0x0, 0x4, 0x0, 0xffffffff, 0x8001, &(0x7f0000000340)="91713a101c5d906697e905ebada2cab2146a97e0509c88db9621ea9a0fcc2e6a81342a82ac6beac807f5949e2102c9f7259887a04381b65e0ed419abab40ad1a983348f4515a26569a"}) 3.16789634s ago: executing program 3 (id=167): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x0) 3.034059464s ago: executing program 4 (id=168): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xf}, 0x3}], 0x1c) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) write$dsp(r4, &(0x7f0000002080), 0x0) pselect6(0x40, &(0x7f00000007c0), &(0x7f0000000800)={0x7f}, 0x0, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = epoll_create1(0x0) r6 = socket$unix(0x1, 0x1, 0x0) close(r6) socket(0x1d, 0x2, 0x6) setsockopt$sock_int(r6, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4) syz_io_uring_setup(0x1b3f, &(0x7f0000000300), &(0x7f0000000040), &(0x7f0000000240)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000080)={0xe0028008, 0x100000}) 2.984867945s ago: executing program 3 (id=169): r0 = io_uring_setup(0x30d5, &(0x7f00000000c0)={0x0, 0x3709}) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) mount$bpf(0x0, &(0x7f0000000400)='./bus\x00', 0x0, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x618a02, 0x0) syz_open_procfs$userns(0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) r2 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x40, 0x0, 0x0) mq_timedreceive(r2, &(0x7f0000000000)=""/83, 0x9b0c4f391059f39b, 0x20000000, &(0x7f0000000100)={0x77359400}) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/ipc\x00') close_range(r0, 0xffffffffffffffff, 0x0) 2.933774656s ago: executing program 1 (id=170): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0xe6da) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0xfea7) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)}, 0x0) 1.469038415s ago: executing program 4 (id=171): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000040)={'IDLETIMER\x00'}, &(0x7f0000000240)=0x1e) 1.34622496s ago: executing program 4 (id=172): io_uring_setup(0x30d5, &(0x7f00000000c0)={0x0, 0x3709}) mkdir(&(0x7f0000000040)='./bus\x00', 0x0) mount$bpf(0x0, &(0x7f0000000400)='./bus\x00', 0x0, 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) capset(&(0x7f0000000080)={0x19980330}, &(0x7f00000000c0)) mq_open(&(0x7f0000000480)='eth0\x00\xf1\x80{\xa8d\xba3\xcb\xae\x99\xe1\x14z\xd3\xe4\x80\xa2\xbc\xdd\xb8\xed\xe9\xa34s\xa6R(\x12\x91i\xeb\x1f\xd1\x8d\xb6\x9a|\xf2\xa6e\x02\x98\x88x\x8b\x85#v#\xf0/\x84\x7f_\x05\xcd9\xe1aRK\xd9\xc5\x99|\xcd\a\x17\xd1\xd2\a\xab\xd2\xd2b\xa9\xf7d%$\xc0\xa6vBK\x9f\x1c\x19s\xa5}|Q\xd5\xe6%!g\xad1M\xa0j\xa2x\a\x14T\xe6t\xa2v\xc3n\x93\\\xcc\x96\x00\xe4\x1f\x94\xac\xb5\xd6\xe5\xccm\x95\xa8R\x00r\x8fg\x9b\xc0\xc3\x15\xd0XB\xf1\xf2>~\x9dmQ\xae\xbe\xca\x1c\xdeQ\xc6\x1e\x12&\x9f\xbe\\?\x99\x18E\xe0\xd7\xf1^.S\xc4\x8f8{IY\vVsw_@P\x99\xd70\xad\xa4\xfd\x04\x7f>h\x8b\xd1q\xb9\x95\xef\xd0\'\xef\xb6\r\x9b\xd7\x1b\x0e\xa2\xcc\xc2\xe5\xce\xcb\xc3`b\xdc\xad\x9d\xf0.\b\xa5\xdfg8\x01\x92,\xb9\'+\x02Uc\xacI{R&\xb0\xd4\xe6\xecr\xfd\x94w', 0x42, 0x0, 0x0) 1.297970231s ago: executing program 3 (id=173): io_uring_setup(0xdac, &(0x7f0000000180)={0x0, 0x0, 0x2}) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x27}, 0x74) socket(0x840000000002, 0x3, 0xff) prlimit64(0x0, 0xb, &(0x7f0000000140), 0x0) getpid() socket$igmp6(0xa, 0x3, 0x2) poll(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0xb2c, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x13, 0x0, 0x0) 1.147909996s ago: executing program 1 (id=174): socket(0x1e, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc0405627, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000100)=0x401) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) write$binfmt_script(r3, &(0x7f0000000100), 0xfffffd9d) write$binfmt_script(r3, &(0x7f0000001b00), 0xd8f41574) writev(r3, &(0x7f0000000040)=[{&(0x7f0000001100)="fe", 0xca80}], 0x1) ioctl$PPPIOCGIDLE(r3, 0x8008743f, 0x0) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="10000000000000006d280b2075c8c6509078804d14d0ea86b92a9225bc5e", @ANYRES64=0x3], 0x10) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) sendmsg$rds(r4, 0x0, 0x0) sendmsg$rds(r4, &(0x7f0000000680)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x82) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x292000, 0x0) utimensat(r5, 0x0, 0x0, 0x0) syz_io_uring_setup(0x2ddd, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) 322.190551ms ago: executing program 4 (id=175): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet(0x2, 0x2000080001, 0x84) sendto$inet(r2, &(0x7f0000000140)="18", 0x1, 0x0, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) sendto$inet(r2, &(0x7f0000000100)='h', 0x1, 0x0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x4) writev(r3, &(0x7f0000000280)=[{&(0x7f0000000340)="4800000014001d0d09074beafd0d8c560284606080ffe0064e204e20590000a2bc5603ca00000f7f8907000020008d42188fedc22e47ad8f75edc6d100000101ff0000000309ff5b", 0x48}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) r4 = openat$smackfs_access(0xffffffffffffff9c, &(0x7f0000000100)='/sys/fs/smackfs/access2\x00', 0x2, 0x0) write$smackfs_access(r4, 0x0, 0x0) pwrite64(r4, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) r5 = socket$unix(0x1, 0x2, 0x0) bind$unix(r5, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r6 = socket$unix(0x1, 0x2, 0x0) connect$unix(r6, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) writev(r6, &(0x7f0000000040)=[{&(0x7f0000000000)="d2", 0x1}], 0x1) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r7 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e"], 0x0) syz_usb_control_io(r7, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r8, 0xc0145b0e, &(0x7f0000000040)) setsockopt$SO_TIMESTAMP(r5, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x25, &(0x7f00000000c0)=0x41d9, 0x4) recvmmsg(r5, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) 314.438087ms ago: executing program 2 (id=176): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x2010, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000040)={[{@userxattr}, {@nfs_export_on}, {@redirect_dir_nofollow}]}) 192.618974ms ago: executing program 3 (id=177): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0) r4 = syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x30, 0x16c0, 0x75e1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x0, 0x9, [{{0x9, 0x4, 0x0, 0x9, 0x1, 0x3, 0x1, 0x3, 0x2, {0x9, 0x21, 0x1, 0x4, 0x1, {0x22, 0xde}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x3b, 0x2, 0x3b}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x1, 0x6, 0xd6}}]}}}]}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x67, 0x9, 0xfa, 0xff, 0x9}, 0xf, &(0x7f0000000240)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0xd, 0x2, 0x7}]}, 0x6, [{0xd3, &(0x7f0000000280)=@string={0xd3, 0x3, "0ec52c87e6430bf23c8a394b139ec9d92c5e55f49c1f47ba5b0dc32c3abf23a592cb87d1db0170ed59a064c78214f1cf910323b02da67aeb4451c042de0460d43b6d99cc74e9cd625372be91977e5be01ef08fd4d6f9d896a0b5451d66594cbc4423677eb2329302e0df2a314d8d10f55f951e95b85bf0eab10b9bc94dd5142195a8c7cfce176b9e7c9d0aa93945f7eb24e180dfc397750b57bd5eafdf3918a14359086b1cec8eadba82e590ccb4f93e218bd0c9e2ba3069d2b8cb3d5f1dcd001ba07be7f1fe976126f59fdd2708f06fa9"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x4c09}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0xfcff}}, {0x3d, &(0x7f0000000440)=@string={0x3d, 0x3, "e93d3525e31376f27b6fa5b65fb1f4701584d0b1fc1d75617fee2ace446319f61a918db15c470941bebaa92e52f97fcb1e05db316e9d4e55c36c62"}}, {0xd, &(0x7f0000000480)=@string={0xd, 0x3, "e0cdac50457258a485a275"}}]}) syz_usb_disconnect(r4) fcntl$setstatus(r3, 0x4, 0x42000) r5 = open$dir(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fcntl$setstatus(r5, 0x4, 0x42400) open$dir(&(0x7f0000000100)='./file0\x00', 0x6400, 0x100) r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDGKBMODE(r7, 0x4b4a, &(0x7f0000000080)) ioctl$EVIOCGKEY(r6, 0x80404518, 0x0) getpid() syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) 0s ago: executing program 2 (id=178): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) open(&(0x7f00000000c0)='.\x00', 0x18, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.34' (ED25519) to the list of known hosts. [ 74.083165][ T5211] cgroup: Unknown subsys name 'net' [ 74.283290][ T5211] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 76.026313][ T5211] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 78.690634][ T5230] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 78.699829][ T5230] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 78.709079][ T5230] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 78.717220][ T5230] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 78.725616][ T5230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 78.734380][ T5230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 78.742486][ T5230] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.782417][ T5232] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 78.792567][ T5228] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 78.796709][ T5234] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 78.801362][ T5228] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 78.815471][ T5228] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 78.823813][ T5228] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 78.834997][ T5228] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 78.843149][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 78.852326][ T5234] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 78.859610][ T5228] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 78.866865][ T5237] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 78.875349][ T5234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 78.883721][ T5237] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 78.893436][ T5237] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 78.901467][ T5237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 78.908893][ T5228] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 78.909802][ T5237] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 78.926075][ T5242] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 78.926293][ T5241] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 78.933986][ T5242] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 78.941125][ T5237] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 78.956610][ T5242] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 78.976409][ T5237] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.357780][ T5222] chnl_net:caif_netlink_parms(): no params data found [ 79.548764][ T5222] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.557643][ T5222] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.565171][ T5222] bridge_slave_0: entered allmulticast mode [ 79.573069][ T5222] bridge_slave_0: entered promiscuous mode [ 79.612551][ T5222] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.619908][ T5222] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.628218][ T5222] bridge_slave_1: entered allmulticast mode [ 79.637115][ T5222] bridge_slave_1: entered promiscuous mode [ 79.706330][ T5222] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 79.762380][ T5222] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 79.797947][ T5235] chnl_net:caif_netlink_parms(): no params data found [ 79.842328][ T5222] team0: Port device team_slave_0 added [ 79.865311][ T5223] chnl_net:caif_netlink_parms(): no params data found [ 79.879720][ T5222] team0: Port device team_slave_1 added [ 79.908353][ T5233] chnl_net:caif_netlink_parms(): no params data found [ 80.014453][ T5222] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 80.021623][ T5222] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.051140][ T5222] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 80.071267][ T5222] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 80.078469][ T5222] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 80.104759][ T5222] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 80.131897][ T5221] chnl_net:caif_netlink_parms(): no params data found [ 80.236786][ T5235] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.244845][ T5235] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.252194][ T5235] bridge_slave_0: entered allmulticast mode [ 80.259309][ T5235] bridge_slave_0: entered promiscuous mode [ 80.268359][ T5235] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.275648][ T5235] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.282952][ T5235] bridge_slave_1: entered allmulticast mode [ 80.290241][ T5235] bridge_slave_1: entered promiscuous mode [ 80.442452][ T5222] hsr_slave_0: entered promiscuous mode [ 80.450183][ T5222] hsr_slave_1: entered promiscuous mode [ 80.470828][ T5233] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.478695][ T5233] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.486241][ T5233] bridge_slave_0: entered allmulticast mode [ 80.493485][ T5233] bridge_slave_0: entered promiscuous mode [ 80.500959][ T5223] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.508585][ T5223] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.516529][ T5223] bridge_slave_0: entered allmulticast mode [ 80.524865][ T5223] bridge_slave_0: entered promiscuous mode [ 80.534967][ T5235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.548437][ T5235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.571611][ T5221] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.579018][ T5221] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.586479][ T5221] bridge_slave_0: entered allmulticast mode [ 80.593811][ T5221] bridge_slave_0: entered promiscuous mode [ 80.601086][ T5233] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.608610][ T5233] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.615866][ T5233] bridge_slave_1: entered allmulticast mode [ 80.623467][ T5233] bridge_slave_1: entered promiscuous mode [ 80.630855][ T5223] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.638448][ T5223] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.645852][ T5223] bridge_slave_1: entered allmulticast mode [ 80.653714][ T5223] bridge_slave_1: entered promiscuous mode [ 80.685546][ T5221] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.693015][ T5221] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.700221][ T5221] bridge_slave_1: entered allmulticast mode [ 80.708192][ T5221] bridge_slave_1: entered promiscuous mode [ 80.758540][ T5223] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.774294][ T5235] team0: Port device team_slave_0 added [ 80.793211][ T54] Bluetooth: hci1: command tx timeout [ 80.831011][ T5223] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.855998][ T5235] team0: Port device team_slave_1 added [ 80.879034][ T5221] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.894683][ T5221] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 80.908714][ T5233] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.923424][ T5233] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.019728][ T5223] team0: Port device team_slave_0 added [ 81.026738][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.032757][ T4607] Bluetooth: hci0: command tx timeout [ 81.034118][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.039398][ T4607] Bluetooth: hci2: command tx timeout [ 81.065500][ T54] Bluetooth: hci4: command tx timeout [ 81.065786][ T54] Bluetooth: hci3: command tx timeout [ 81.072342][ T5235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.110177][ T5221] team0: Port device team_slave_0 added [ 81.138818][ T5223] team0: Port device team_slave_1 added [ 81.158831][ T5235] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.166531][ T5235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.193132][ T5235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.212403][ T5221] team0: Port device team_slave_1 added [ 81.222834][ T5233] team0: Port device team_slave_0 added [ 81.262941][ T5223] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.270557][ T5223] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.298531][ T5223] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.314238][ T5233] team0: Port device team_slave_1 added [ 81.336608][ T5221] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.343754][ T5221] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.369913][ T5221] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.400537][ T5223] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.407989][ T5223] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.434484][ T5223] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.471538][ T5221] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.478692][ T5221] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.505629][ T5221] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.571226][ T5233] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.578424][ T5233] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.605061][ T5233] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.650901][ T5233] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.659814][ T5233] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 81.686498][ T5233] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.703885][ T5235] hsr_slave_0: entered promiscuous mode [ 81.713159][ T5235] hsr_slave_1: entered promiscuous mode [ 81.719453][ T5235] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.727551][ T5235] Cannot create hsr debugfs directory [ 81.784701][ T5223] hsr_slave_0: entered promiscuous mode [ 81.791209][ T5223] hsr_slave_1: entered promiscuous mode [ 81.798407][ T5223] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.806227][ T5223] Cannot create hsr debugfs directory [ 81.892390][ T5221] hsr_slave_0: entered promiscuous mode [ 81.898907][ T5221] hsr_slave_1: entered promiscuous mode [ 81.908895][ T5221] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.916618][ T5221] Cannot create hsr debugfs directory [ 81.956710][ T5233] hsr_slave_0: entered promiscuous mode [ 81.963998][ T5233] hsr_slave_1: entered promiscuous mode [ 81.970358][ T5233] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 81.978161][ T5233] Cannot create hsr debugfs directory [ 82.148114][ T5222] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 82.211874][ T5222] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 82.274613][ T5222] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 82.335944][ T5222] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 82.502013][ T5235] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 82.513299][ T5235] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 82.536460][ T5235] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 82.547898][ T5235] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 82.635648][ T5223] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.650646][ T5223] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.674064][ T5223] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.686999][ T5223] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.833966][ T5233] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.844686][ T5233] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.872472][ T4607] Bluetooth: hci1: command tx timeout [ 82.882609][ T5233] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.895747][ T5233] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.935355][ T5222] 8021q: adding VLAN 0 to HW filter on device bond0 [ 82.970942][ T5221] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.003521][ T5221] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.015539][ T5221] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.029217][ T5221] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.051493][ T5222] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.111443][ T3627] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.118896][ T3627] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.129974][ T4607] Bluetooth: hci3: command tx timeout [ 83.129994][ T5237] Bluetooth: hci4: command tx timeout [ 83.130039][ T5237] Bluetooth: hci0: command tx timeout [ 83.136184][ T4607] Bluetooth: hci2: command tx timeout [ 83.158940][ T3627] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.166139][ T3627] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.191555][ T5235] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.309339][ T5235] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.369307][ T5223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.397540][ T2562] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.404741][ T2562] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.420103][ T2562] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.427334][ T2562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.516088][ T5223] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.570234][ T3627] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.577411][ T3627] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.608818][ T2562] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.616039][ T2562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.675236][ T5233] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.738458][ T5233] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.829502][ T3627] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.836744][ T3627] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.862709][ T5222] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.886442][ T5221] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.927692][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.934907][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.955258][ T5221] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.066859][ T2562] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.074120][ T2562] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.125354][ T2562] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.132596][ T2562] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.269317][ T5235] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.297249][ T5222] veth0_vlan: entered promiscuous mode [ 84.364224][ T5222] veth1_vlan: entered promiscuous mode [ 84.424803][ T5223] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.587257][ T5222] veth0_macvtap: entered promiscuous mode [ 84.694948][ T5222] veth1_macvtap: entered promiscuous mode [ 84.727968][ T5223] veth0_vlan: entered promiscuous mode [ 84.778469][ T5233] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.790430][ T5223] veth1_vlan: entered promiscuous mode [ 84.816962][ T5222] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.849779][ T5221] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.874742][ T5222] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.951183][ T5222] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.955915][ T4607] Bluetooth: hci1: command tx timeout [ 84.962476][ T5222] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.975660][ T5222] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.984802][ T5222] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.066613][ T5223] veth0_macvtap: entered promiscuous mode [ 85.137011][ T5223] veth1_macvtap: entered promiscuous mode [ 85.147968][ T5221] veth0_vlan: entered promiscuous mode [ 85.190273][ T5221] veth1_vlan: entered promiscuous mode [ 85.196402][ T4607] Bluetooth: hci2: command tx timeout [ 85.202528][ T4607] Bluetooth: hci0: command tx timeout [ 85.202848][ T5237] Bluetooth: hci3: command tx timeout [ 85.207951][ T4607] Bluetooth: hci4: command tx timeout [ 85.226947][ T3627] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.236784][ T3627] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.305839][ T5233] veth0_vlan: entered promiscuous mode [ 85.316159][ T5223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.327456][ T5223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.341201][ T5223] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.360171][ T5223] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.370700][ T5223] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.383297][ T5223] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.396350][ T5223] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.406575][ T5223] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.415786][ T5223] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.426488][ T5223] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.453456][ T2574] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.457424][ T5233] veth1_vlan: entered promiscuous mode [ 85.461327][ T2574] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.487787][ T5235] veth0_vlan: entered promiscuous mode [ 85.519229][ T5235] veth1_vlan: entered promiscuous mode [ 85.616161][ T5233] veth0_macvtap: entered promiscuous mode [ 85.638103][ T5233] veth1_macvtap: entered promiscuous mode [ 85.653107][ T5221] veth0_macvtap: entered promiscuous mode [ 85.759582][ T5233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.779393][ T5233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.790655][ T5233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.808198][ T5233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.820465][ T5307] FAULT_INJECTION: forcing a failure. [ 85.820465][ T5307] name failslab, interval 1, probability 0, space 0, times 1 [ 85.822771][ T5233] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.833343][ T5307] CPU: 0 UID: 0 PID: 5307 Comm: syz.2.3 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 85.841472][ T5221] veth1_macvtap: entered promiscuous mode [ 85.850909][ T5307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 85.850936][ T5307] Call Trace: [ 85.850949][ T5307] [ 85.850961][ T5307] dump_stack_lvl+0x241/0x360 [ 85.851003][ T5307] ? __pfx_dump_stack_lvl+0x10/0x10 [ 85.851027][ T5307] ? __pfx__printk+0x10/0x10 [ 85.887606][ T5307] should_fail_ex+0x3b0/0x4e0 [ 85.892332][ T5307] ? dst_alloc+0x12b/0x190 [ 85.896785][ T5307] should_failslab+0xac/0x100 [ 85.901483][ T5307] ? dst_alloc+0x12b/0x190 [ 85.905909][ T5307] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 85.911301][ T5307] dst_alloc+0x12b/0x190 [ 85.915559][ T5307] ip_route_input_rcu+0x24be/0x3910 [ 85.920787][ T5307] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 85.926356][ T5307] ? __pfx_lock_acquire+0x10/0x10 [ 85.931392][ T5307] ? nf_conntrack_in+0x15e6/0x1880 [ 85.936532][ T5307] ? ipt_do_table+0x157a/0x1860 [ 85.941432][ T5307] ip_route_input_noref+0x170/0x260 [ 85.946670][ T5307] ? ip_route_input_noref+0xb1/0x260 [ 85.951980][ T5307] ? __pfx_ip_route_input_noref+0x10/0x10 [ 85.957725][ T5307] ? tcp_v4_early_demux+0x445/0x930 [ 85.962934][ T5307] ? tcp_v4_early_demux+0x56c/0x930 [ 85.968168][ T5307] ip_rcv_finish_core+0x5ab/0x1b40 [ 85.973307][ T5307] ip_rcv_finish+0x14a/0x560 [ 85.977905][ T5307] ? NF_HOOK+0x392/0x450 [ 85.982158][ T5307] ? __pfx_ip_rcv_finish+0x10/0x10 [ 85.987277][ T5307] NF_HOOK+0x3a4/0x450 [ 85.991357][ T5307] ? NF_HOOK+0x9a/0x450 [ 85.995523][ T5307] ? __pfx_NF_HOOK+0x10/0x10 [ 86.000126][ T5307] ? ip_rcv_core+0x801/0xd10 [ 86.004725][ T5307] ? __pfx_ip_rcv_finish+0x10/0x10 [ 86.009853][ T5307] ? __pfx_ip_rcv+0x10/0x10 [ 86.014387][ T5307] __netif_receive_skb+0x2bf/0x650 [ 86.019557][ T5307] ? __pfx_lock_acquire+0x10/0x10 [ 86.024612][ T5307] ? seqcount_lockdep_reader_access+0x1d7/0x220 [ 86.030881][ T5307] ? __pfx___netif_receive_skb+0x10/0x10 [ 86.036530][ T5307] ? __kasan_slab_alloc+0x66/0x80 [ 86.041572][ T5307] ? read_tsc+0x9/0x20 [ 86.045652][ T5307] ? timekeeping_get_ns+0x2c0/0x420 [ 86.050869][ T5307] ? netif_receive_skb+0x131/0x890 [ 86.055998][ T5307] ? netif_receive_skb+0x131/0x890 [ 86.061154][ T5307] netif_receive_skb+0x1e8/0x890 [ 86.066216][ T5307] ? tun_rx_batched+0x160/0x8f0 [ 86.071092][ T5307] ? __pfx_netif_receive_skb+0x10/0x10 [ 86.076581][ T5307] ? tun_rx_batched+0x160/0x8f0 [ 86.081454][ T5307] tun_rx_batched+0x1b7/0x8f0 [ 86.086144][ T5307] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 86.092501][ T5307] ? __pfx_lock_acquire+0x10/0x10 [ 86.097550][ T5307] ? __pfx_tun_rx_batched+0x10/0x10 [ 86.102783][ T5307] tun_get_user+0x2f84/0x4720 [ 86.107473][ T5307] ? tun_get_user+0x2a78/0x4720 [ 86.112346][ T5307] ? __lock_acquire+0x137a/0x2040 [ 86.117389][ T5307] ? __pfx_tun_get_user+0x10/0x10 [ 86.122440][ T5307] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 86.127908][ T5307] ? tun_get+0x1e/0x2f0 [ 86.132080][ T5307] ? __pfx_lock_release+0x10/0x10 [ 86.137131][ T5307] ? tun_get+0x1e/0x2f0 [ 86.141293][ T5307] ? tun_get+0x27d/0x2f0 [ 86.145553][ T5307] tun_chr_write_iter+0x113/0x1f0 [ 86.150601][ T5307] vfs_write+0xa72/0xc90 [ 86.154855][ T5307] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 86.160413][ T5307] ? __pfx_vfs_write+0x10/0x10 [ 86.165204][ T5307] ksys_write+0x1a0/0x2c0 [ 86.169547][ T5307] ? __pfx_ksys_write+0x10/0x10 [ 86.174407][ T5307] ? do_syscall_64+0x100/0x230 [ 86.179181][ T5307] ? do_syscall_64+0xb6/0x230 [ 86.183864][ T5307] do_syscall_64+0xf3/0x230 [ 86.188377][ T5307] ? clear_bhb_loop+0x35/0x90 [ 86.193068][ T5307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 86.198987][ T5307] RIP: 0033:0x7f36c757849f [ 86.203415][ T5307] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48 [ 86.223047][ T5307] RSP: 002b:00007f36c6fff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 86.231482][ T5307] RAX: ffffffffffffffda RBX: 00007f36c7715f80 RCX: 00007f36c757849f [ 86.239481][ T5307] RDX: 0000000000000046 RSI: 00000000200000c0 RDI: 00000000000000c8 [ 86.247574][ T5307] RBP: 00007f36c6fff090 R08: 0000000000000000 R09: 0000000000000000 [ 86.255649][ T5307] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001 [ 86.263636][ T5307] R13: 0000000000000000 R14: 00007f36c7715f80 R15: 00007ffdd2cfc858 [ 86.271655][ T5307] [ 86.291769][ T2574] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.294998][ T5233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.299712][ T2574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.310833][ T5233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.329206][ T5233] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.351093][ T5233] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.364485][ T5233] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.377387][ T5235] veth0_macvtap: entered promiscuous mode [ 86.440248][ T5235] veth1_macvtap: entered promiscuous mode [ 86.465822][ T5233] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.479964][ T5233] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.492115][ T5233] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.500888][ T5233] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.537408][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.573319][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.629527][ T5311] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.649327][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.662410][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.667512][ T5311] netlink: 56 bytes leftover after parsing attributes in process `syz.2.7'. [ 86.683330][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.694184][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.704584][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.717171][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.741156][ T5221] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.767923][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.778742][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.788901][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.800468][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.824118][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.849532][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.869294][ T5313] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7'. [ 86.881531][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.892482][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.908685][ T5313] netlink: 428 bytes leftover after parsing attributes in process `syz.2.7'. [ 86.919667][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.928514][ T5313] netlink: 24 bytes leftover after parsing attributes in process `syz.2.7'. [ 86.944501][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.957895][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.968490][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.985890][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.997069][ T5235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.013560][ T5235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.029475][ T5235] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.037534][ T4607] Bluetooth: hci1: command tx timeout [ 87.159359][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.185266][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.220581][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.248865][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.273126][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.284801][ T4607] Bluetooth: hci4: command tx timeout [ 87.284857][ T4607] Bluetooth: hci3: command tx timeout [ 87.284895][ T4607] Bluetooth: hci0: command tx timeout [ 87.284934][ T4607] Bluetooth: hci2: command tx timeout [ 87.302870][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.352354][ T5221] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.364073][ T5221] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.380567][ T5221] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.399228][ T5221] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.408958][ T5221] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.417873][ T5221] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.426912][ T5221] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.448382][ T5235] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.466181][ T5235] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.476354][ T5235] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.491230][ T5235] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.635896][ T5318] FAULT_INJECTION: forcing a failure. [ 87.635896][ T5318] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 87.707394][ T5318] CPU: 1 UID: 0 PID: 5318 Comm: syz.2.8 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 87.717899][ T5318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 87.727965][ T5318] Call Trace: [ 87.727979][ T5318] [ 87.727989][ T5318] dump_stack_lvl+0x241/0x360 [ 87.728022][ T5318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.728045][ T5318] ? __pfx__printk+0x10/0x10 [ 87.728080][ T5318] ? __pfx_lock_release+0x10/0x10 [ 87.728113][ T5318] ? __up_read+0x2c2/0x6b0 [ 87.728139][ T5318] should_fail_ex+0x3b0/0x4e0 [ 87.728171][ T5318] _copy_to_user+0x2f/0xb0 [ 87.728205][ T5318] do_pagemap_cmd+0x129e/0x1330 [ 87.728264][ T5318] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 87.728330][ T5318] ? bpf_lsm_file_ioctl+0x9/0x10 [ 87.728363][ T5318] ? security_file_ioctl+0x87/0xb0 [ 87.728393][ T5318] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 87.728427][ T5318] __se_sys_ioctl+0xfc/0x170 [ 87.728466][ T5318] do_syscall_64+0xf3/0x230 [ 87.728489][ T5318] ? clear_bhb_loop+0x35/0x90 [ 87.728519][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.728544][ T5318] RIP: 0033:0x7f36c75799b9 [ 87.728565][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.728584][ T5318] RSP: 002b:00007f36c6fff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.728610][ T5318] RAX: ffffffffffffffda RBX: 00007f36c7715f80 RCX: 00007f36c75799b9 [ 87.728627][ T5318] RDX: 00000000200004c0 RSI: 00000000c0606610 RDI: 0000000000000005 [ 87.728643][ T5318] RBP: 00007f36c6fff090 R08: 0000000000000000 R09: 0000000000000000 [ 87.728658][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 87.728672][ T5318] R13: 0000000000000000 R14: 00007f36c7715f80 R15: 00007ffdd2cfc858 [ 87.728706][ T5318] [ 88.130956][ T1837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.157024][ T1837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.302332][ T1837] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.337119][ T1837] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.461818][ T1837] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.494898][ T1837] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.688225][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.721085][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.763954][ T2574] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.806858][ T2574] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.950728][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.982899][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.578193][ T5342] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.768531][ T29] audit: type=1326 audit(1723763174.463:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5336 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5133799b9 code=0x7ffc0000 [ 90.046665][ T5276] IPVS: starting estimator thread 0... [ 90.103056][ T29] audit: type=1326 audit(1723763174.463:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5336 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5133799b9 code=0x7ffc0000 [ 90.130955][ T29] audit: type=1326 audit(1723763174.473:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5336 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7fe5133799b9 code=0x7ffc0000 [ 90.184310][ T29] audit: type=1326 audit(1723763174.473:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5336 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5133799b9 code=0x7ffc0000 [ 90.383451][ T29] audit: type=1326 audit(1723763174.473:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5336 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe5133799b9 code=0x7ffc0000 [ 90.407489][ T5346] IPVS: using max 24 ests per chain, 57600 per kthread [ 90.441355][ T29] audit: type=1326 audit(1723763174.483:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5336 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe5133799b9 code=0x7ffc0000 [ 91.224363][ T8] IPVS: starting estimator thread 0... [ 91.231758][ T29] audit: type=1326 audit(1723763175.613:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5339 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc3b799b9 code=0x7ffc0000 [ 91.334782][ T5361] IPVS: using max 16 ests per chain, 38400 per kthread [ 91.479758][ T29] audit: type=1326 audit(1723763175.613:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5339 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc3b799b9 code=0x7ffc0000 [ 91.501364][ T29] audit: type=1326 audit(1723763175.623:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5339 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f8dc3b799b9 code=0x7ffc0000 [ 91.623885][ T29] audit: type=1326 audit(1723763175.623:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5339 comm="syz.1.2" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8dc3b799b9 code=0x7ffc0000 [ 92.272268][ T5371] IPVS: set_ctl: invalid protocol: 2 255.255.255.255:20000 [ 92.426813][ T25] cfg80211: failed to load regulatory.db [ 92.525672][ T5369] vivid-000: ================= START STATUS ================= [ 92.542367][ T5369] vivid-000: Radio HW Seek Mode: Bounded [ 92.542869][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 92.554043][ T5369] vivid-000: Radio Programmable HW Seek: false [ 92.600089][ T5369] vivid-000: RDS Rx I/O Mode: Block I/O [ 92.611732][ T5369] vivid-000: Generate RBDS Instead of RDS: false [ 92.622569][ T5369] vivid-000: RDS Reception: true [ 92.809584][ T5369] vivid-000: RDS Program Type: 0 inactive [ 92.819536][ T5369] vivid-000: RDS PS Name: inactive [ 92.855355][ T5384] FAULT_INJECTION: forcing a failure. [ 92.855355][ T5384] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 92.873461][ T5369] vivid-000: RDS Radio Text: inactive [ 92.929452][ T5369] vivid-000: RDS Traffic Announcement: false inactive [ 92.941965][ T5384] CPU: 1 UID: 0 PID: 5384 Comm: syz.3.18 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 92.952647][ T5384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 92.962771][ T5384] Call Trace: [ 92.966061][ T5384] [ 92.968997][ T5384] dump_stack_lvl+0x241/0x360 [ 92.973716][ T5384] ? __pfx_dump_stack_lvl+0x10/0x10 [ 92.978928][ T5384] ? __pfx__printk+0x10/0x10 [ 92.983545][ T5384] ? __pfx_lock_release+0x10/0x10 [ 92.988594][ T5384] should_fail_ex+0x3b0/0x4e0 [ 92.993315][ T5384] _copy_from_user+0x2f/0xe0 [ 92.997925][ T5384] copy_msghdr_from_user+0xae/0x680 [ 93.003156][ T5384] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 93.009019][ T5384] __sys_sendmsg+0x23d/0x3a0 [ 93.013651][ T5384] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.018808][ T5384] ? vfs_write+0x7c4/0xc90 [ 93.023291][ T5384] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.029672][ T5384] ? do_syscall_64+0x100/0x230 [ 93.034569][ T5384] ? do_syscall_64+0xb6/0x230 [ 93.039271][ T5384] do_syscall_64+0xf3/0x230 [ 93.043909][ T5384] ? clear_bhb_loop+0x35/0x90 [ 93.048611][ T5384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.054527][ T5384] RIP: 0033:0x7f35d65799b9 [ 93.058953][ T5384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.078573][ T5384] RSP: 002b:00007f35d733b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.087004][ T5384] RAX: ffffffffffffffda RBX: 00007f35d6715f80 RCX: 00007f35d65799b9 [ 93.095014][ T5384] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 [ 93.103011][ T5384] RBP: 00007f35d733b090 R08: 0000000000000000 R09: 0000000000000000 [ 93.110994][ T5384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.118977][ T5384] R13: 0000000000000000 R14: 00007f35d6715f80 R15: 00007ffc22c977b8 [ 93.127001][ T5384] [ 93.150615][ T5369] vivid-000: RDS Traffic Program: false inactive [ 93.159765][ T5369] vivid-000: RDS Music: false inactive [ 93.176769][ T5369] vivid-000: ================== END STATUS ================== [ 93.441912][ T5393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21'. [ 93.789470][ T5393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21'. [ 93.842445][ T5393] netlink: 8 bytes leftover after parsing attributes in process `syz.3.21'. [ 94.978114][ T5412] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.089488][ T5414] netlink: 28 bytes leftover after parsing attributes in process `syz.1.24'. [ 95.317327][ T5419] netlink: 44 bytes leftover after parsing attributes in process `syz.3.26'. [ 95.362041][ T5413] Zero length message leads to an empty skb [ 95.622236][ T5276] IPVS: starting estimator thread 0... [ 96.053749][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 96.062988][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.119569][ T29] kauditd_printk_skb: 2 callbacks suppressed [ 96.119589][ T29] audit: type=1326 audit(1723763180.523:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5415 comm="syz.2.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c75799b9 code=0x7ffc0000 [ 96.232278][ T29] audit: type=1326 audit(1723763180.523:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5415 comm="syz.2.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c75799b9 code=0x7ffc0000 [ 96.255562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.265501][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 96.275257][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.283841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.292548][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.302703][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.317790][ T5425] IPVS: using max 24 ests per chain, 57600 per kthread [ 96.565791][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 97.121463][ T29] audit: type=1326 audit(1723763180.523:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5415 comm="syz.2.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f36c75799b9 code=0x7ffc0000 [ 97.235335][ T5408] ALSA: mixer_oss: invalid OSS volume '' [ 97.314664][ T29] audit: type=1326 audit(1723763180.523:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5415 comm="syz.2.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c75799b9 code=0x7ffc0000 [ 97.443073][ T29] audit: type=1326 audit(1723763180.523:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5415 comm="syz.2.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f36c75799b9 code=0x7ffc0000 [ 97.479885][ T29] audit: type=1326 audit(1723763180.523:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5415 comm="syz.2.27" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f36c75799b9 code=0x7ffc0000 [ 99.000618][ T5442] sched: RT throttling activated [ 99.007833][ T5237] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 99.021187][ T5237] Bluetooth: hci1: Injecting HCI hardware error event [ 99.036898][ T4607] Bluetooth: hci1: hardware error 0x00 [ 99.543769][ T58] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.686442][ T5454] binder: 5453:5454 ioctl c0189377 20000040 returned -22 [ 99.726426][ T5454] binder: 5453:5454 ioctl c018620c 20000000 returned -22 [ 99.776448][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.818042][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.844740][ T58] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.872250][ T5460] netlink: 209844 bytes leftover after parsing attributes in process `syz.3.34'. [ 99.890936][ T58] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 99.908888][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.960872][ T58] usb 2-1: config 0 descriptor?? [ 101.721873][ T4607] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 103.210977][ T58] usbhid 2-1:0.0: can't add hid device: -71 [ 103.228281][ T5472] netlink: 28 bytes leftover after parsing attributes in process `syz.2.39'. [ 103.247533][ T58] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 103.279950][ T58] usb 2-1: USB disconnect, device number 2 [ 103.460683][ T5305] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 104.511993][ T5305] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.525491][ T5305] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.536173][ T5305] usb 1-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 104.545403][ T5305] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.564496][ T5305] usb 1-1: config 0 descriptor?? [ 104.788595][ T58] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 106.354568][ T5497] ubi1: attaching mtd0 [ 106.362116][ T5497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.46'. [ 106.696278][ T5505] syz.3.48 uses obsolete (PF_INET,SOCK_PACKET) [ 106.735795][ T58] usb 5-1: device descriptor read/all, error -71 [ 106.781461][ T5305] usbhid 1-1:0.0: can't add hid device: -71 [ 106.802721][ T5305] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 106.830813][ T5305] usb 1-1: USB disconnect, device number 2 [ 106.918428][ T5510] FAULT_INJECTION: forcing a failure. [ 106.918428][ T5510] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 106.967898][ T5510] CPU: 1 UID: 0 PID: 5510 Comm: syz.1.50 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 106.978476][ T5510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 106.988655][ T5510] Call Trace: [ 106.991966][ T5510] [ 106.995114][ T5510] dump_stack_lvl+0x241/0x360 [ 106.999856][ T5510] ? __pfx_dump_stack_lvl+0x10/0x10 [ 107.005102][ T5510] ? __pfx__printk+0x10/0x10 [ 107.009731][ T5510] ? snprintf+0xda/0x120 [ 107.014008][ T5510] should_fail_ex+0x3b0/0x4e0 [ 107.018752][ T5510] _copy_to_user+0x2f/0xb0 [ 107.023200][ T5510] simple_read_from_buffer+0xca/0x150 [ 107.028685][ T5510] proc_fail_nth_read+0x1e9/0x250 [ 107.033750][ T5510] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 107.039355][ T5510] ? rw_verify_area+0x520/0x6b0 [ 107.044346][ T5510] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 107.049929][ T5510] vfs_read+0x204/0xbc0 [ 107.054114][ T5510] ? __pfx_lock_release+0x10/0x10 [ 107.059192][ T5510] ? __pfx_vfs_read+0x10/0x10 [ 107.063951][ T5510] ? __fget_files+0x29/0x470 [ 107.068572][ T5510] ? __fget_files+0x3f6/0x470 [ 107.073283][ T5510] ksys_read+0x1a0/0x2c0 [ 107.077570][ T5510] ? __pfx_ksys_read+0x10/0x10 [ 107.082369][ T5510] ? do_syscall_64+0x100/0x230 [ 107.087181][ T5510] ? do_syscall_64+0xb6/0x230 [ 107.091894][ T5510] do_syscall_64+0xf3/0x230 [ 107.096428][ T5510] ? clear_bhb_loop+0x35/0x90 [ 107.101139][ T5510] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.107055][ T5510] RIP: 0033:0x7f8dc3b783fc [ 107.111480][ T5510] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 107.131104][ T5510] RSP: 002b:00007f8dc49e3030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 107.139536][ T5510] RAX: ffffffffffffffda RBX: 00007f8dc3d15f80 RCX: 00007f8dc3b783fc [ 107.147517][ T5510] RDX: 000000000000000f RSI: 00007f8dc49e30a0 RDI: 0000000000000006 [ 107.155500][ T5510] RBP: 00007f8dc49e3090 R08: 0000000000000000 R09: 0000000000000000 [ 107.163477][ T5510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 107.171450][ T5510] R13: 0000000000000000 R14: 00007f8dc3d15f80 R15: 00007ffc972fa648 [ 107.179442][ T5510] [ 108.293676][ T5528] netlink: 28 bytes leftover after parsing attributes in process `syz.2.55'. [ 108.665474][ T5542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.59'. [ 108.860681][ T5542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.59'. [ 108.870629][ T5542] netlink: 8 bytes leftover after parsing attributes in process `syz.0.59'. [ 109.482803][ T5549] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 109.588789][ T5305] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 109.839060][ T5305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 109.862444][ T5305] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.885697][ T5305] usb 2-1: New USB device found, idVendor=09da, idProduct=022b, bcdDevice= 0.00 [ 109.943479][ T5305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.986395][ T5305] usb 2-1: config 0 descriptor?? [ 110.510387][ T5305] a4tech 0003:09DA:022B.0001: item fetching failed at offset 5/7 [ 110.544729][ T5305] a4tech 0003:09DA:022B.0001: parse failed [ 110.555647][ T5305] a4tech 0003:09DA:022B.0001: probe with driver a4tech failed with error -22 [ 111.615830][ T46] usb 2-1: USB disconnect, device number 3 [ 111.653940][ T5561] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 113.347100][ T5583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.71'. [ 115.332064][ T5305] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 115.708224][ T5610] FAULT_INJECTION: forcing a failure. [ 115.708224][ T5610] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 115.748734][ T5610] CPU: 1 UID: 0 PID: 5610 Comm: syz.1.78 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 115.759316][ T5610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 115.769401][ T5610] Call Trace: [ 115.772717][ T5610] [ 115.775673][ T5610] dump_stack_lvl+0x241/0x360 [ 115.780391][ T5610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.785623][ T5610] ? __pfx__printk+0x10/0x10 [ 115.790270][ T5610] ? __pfx_lock_release+0x10/0x10 [ 115.795368][ T5610] should_fail_ex+0x3b0/0x4e0 [ 115.800086][ T5610] _copy_from_user+0x2f/0xe0 [ 115.805289][ T5610] copy_msghdr_from_user+0xae/0x680 [ 115.810530][ T5610] ? __pfx___might_resched+0x10/0x10 [ 115.815873][ T5610] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 115.821744][ T5610] ? __might_fault+0xaa/0x120 [ 115.826490][ T5610] __sys_sendmmsg+0x374/0x740 [ 115.831218][ T5610] ? __pfx___sys_sendmmsg+0x10/0x10 [ 115.836776][ T5610] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 115.842740][ T5610] ? ksys_write+0x23e/0x2c0 [ 115.847908][ T5610] ? __pfx_lock_release+0x10/0x10 [ 115.853726][ T5610] ? vfs_write+0x7c4/0xc90 [ 115.858536][ T5610] ? __mutex_unlock_slowpath+0x21d/0x750 [ 115.864846][ T5610] ? __pfx_vfs_write+0x10/0x10 [ 115.870282][ T5610] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 115.876534][ T5610] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 115.883108][ T5610] ? do_syscall_64+0x100/0x230 [ 115.888469][ T5610] __x64_sys_sendmmsg+0xa0/0xb0 [ 115.893515][ T5610] do_syscall_64+0xf3/0x230 [ 115.898165][ T5610] ? clear_bhb_loop+0x35/0x90 [ 115.903260][ T5610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.909731][ T5610] RIP: 0033:0x7f8dc3b799b9 [ 115.914664][ T5610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.935019][ T5610] RSP: 002b:00007f8dc49e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 115.943588][ T5610] RAX: ffffffffffffffda RBX: 00007f8dc3d15f80 RCX: 00007f8dc3b799b9 [ 115.951628][ T5610] RDX: 000000000000fdef RSI: 00000000200020c0 RDI: 0000000000000004 [ 115.959643][ T5610] RBP: 00007f8dc49e3090 R08: 0000000000000000 R09: 0000000000000000 [ 115.967743][ T5610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.975748][ T5610] R13: 0000000000000000 R14: 00007f8dc3d15f80 R15: 00007ffc972fa648 [ 115.985727][ T5610] [ 115.996856][ T5305] usb 1-1: Using ep0 maxpacket: 8 [ 116.006894][ T5305] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 116.026392][ T5305] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 116.082447][ T5305] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 116.091590][ T5305] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.145154][ T5305] usbtmc 1-1:16.0: bulk endpoints not found [ 117.481907][ T5624] binder: 5623:5624 ioctl 4018620d 0 returned -22 [ 117.767083][ T5305] usb 1-1: USB disconnect, device number 3 [ 117.866087][ T4607] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 118.612383][ T5277] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 119.085156][ T5277] usb 3-1: Using ep0 maxpacket: 16 [ 119.188471][ T5277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.216396][ T5277] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.229800][ T5277] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 119.240107][ T5277] usb 3-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0 [ 119.538720][ T5277] usb 3-1: Product: syz [ 119.581318][ T5277] usb 3-1: Manufacturer: syz [ 119.864378][ T5277] usb 3-1: config 0 descriptor?? [ 120.025581][ T5651] FAULT_INJECTION: forcing a failure. [ 120.025581][ T5651] name failslab, interval 1, probability 0, space 0, times 0 [ 120.039864][ T5651] CPU: 1 UID: 0 PID: 5651 Comm: syz.1.91 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 120.050422][ T5651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 120.060493][ T5651] Call Trace: [ 120.063798][ T5651] [ 120.066741][ T5651] dump_stack_lvl+0x241/0x360 [ 120.071478][ T5651] ? __pfx_dump_stack_lvl+0x10/0x10 [ 120.076714][ T5651] ? __pfx__printk+0x10/0x10 [ 120.081355][ T5651] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 120.087394][ T5651] ? __pfx___might_resched+0x10/0x10 [ 120.092720][ T5651] should_fail_ex+0x3b0/0x4e0 [ 120.097431][ T5651] should_failslab+0xac/0x100 [ 120.102134][ T5651] ? __alloc_skb+0x1c3/0x440 [ 120.106736][ T5651] kmem_cache_alloc_node_noprof+0x71/0x320 [ 120.112579][ T5651] __alloc_skb+0x1c3/0x440 [ 120.117029][ T5651] ? __pfx___alloc_skb+0x10/0x10 [ 120.122010][ T5651] ? netlink_ack_tlv_len+0x6e/0x200 [ 120.127227][ T5651] netlink_ack+0x13f/0xa30 [ 120.132132][ T5651] ? __pfx_lock_acquire+0x10/0x10 [ 120.137194][ T5651] ? __pfx_mptcp_pm_nl_del_addr_doit+0x10/0x10 [ 120.143386][ T5651] netlink_rcv_skb+0x262/0x430 [ 120.148170][ T5651] ? __pfx_genl_rcv_msg+0x10/0x10 [ 120.153227][ T5651] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 120.158548][ T5651] ? __netlink_deliver_tap+0x77e/0x7c0 [ 120.164058][ T5651] genl_rcv+0x28/0x40 [ 120.168235][ T5651] netlink_unicast+0x7f0/0x990 [ 120.173061][ T5651] ? __pfx_netlink_unicast+0x10/0x10 [ 120.178399][ T5651] ? __virt_addr_valid+0x183/0x530 [ 120.183743][ T5651] ? __check_object_size+0x49c/0x900 [ 120.189062][ T5651] ? bpf_lsm_netlink_send+0x9/0x10 [ 120.194200][ T5651] netlink_sendmsg+0x8e4/0xcb0 [ 120.199011][ T5651] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.204331][ T5651] ? __import_iovec+0x536/0x820 [ 120.209232][ T5651] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 120.214601][ T5651] ? security_socket_sendmsg+0x87/0xb0 [ 120.220124][ T5651] ? __pfx_netlink_sendmsg+0x10/0x10 [ 120.225602][ T5651] __sock_sendmsg+0x221/0x270 [ 120.230636][ T5651] ____sys_sendmsg+0x525/0x7d0 [ 120.235746][ T5651] ? __pfx_____sys_sendmsg+0x10/0x10 [ 120.241455][ T5651] __sys_sendmsg+0x2b0/0x3a0 [ 120.246802][ T5651] ? __pfx___sys_sendmsg+0x10/0x10 [ 120.251961][ T5651] ? vfs_write+0x7c4/0xc90 [ 120.256561][ T5651] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 120.262950][ T5651] ? do_syscall_64+0x100/0x230 [ 120.267763][ T5651] ? do_syscall_64+0xb6/0x230 [ 120.272480][ T5651] do_syscall_64+0xf3/0x230 [ 120.277027][ T5651] ? clear_bhb_loop+0x35/0x90 [ 120.281766][ T5651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 120.287861][ T5651] RIP: 0033:0x7f8dc3b799b9 [ 120.293919][ T5651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.313775][ T5651] RSP: 002b:00007f8dc49e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 120.322238][ T5651] RAX: ffffffffffffffda RBX: 00007f8dc3d15f80 RCX: 00007f8dc3b799b9 [ 120.330357][ T5651] RDX: 0000000000000000 RSI: 00000000200003c0 RDI: 0000000000000003 [ 120.338411][ T5651] RBP: 00007f8dc49e3090 R08: 0000000000000000 R09: 0000000000000000 [ 120.346595][ T5651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.354608][ T5651] R13: 0000000000000000 R14: 00007f8dc3d15f80 R15: 00007ffc972fa648 [ 120.362645][ T5651] [ 121.453630][ T5277] kovaplus 0003:1E7D:2D50.0002: item fetching failed at offset 5/7 [ 121.472579][ T5277] kovaplus 0003:1E7D:2D50.0002: parse failed [ 121.478726][ T5277] kovaplus 0003:1E7D:2D50.0002: probe with driver kovaplus failed with error -22 [ 121.568729][ T5637] netlink: 48 bytes leftover after parsing attributes in process `syz.2.86'. [ 122.418916][ T46] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.502923][ T5637] fuse: Bad value for 'rootmode' [ 122.563046][ T5637] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 122.652138][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.672454][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.722009][ T5637] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 122.731852][ T46] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 122.755504][ T46] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 122.792600][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.832928][ T46] usb 4-1: config 0 descriptor?? [ 122.856648][ T5680] usb 3-1: USB disconnect, device number 2 [ 122.887654][ T5669] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.897001][ T5669] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.770351][ T46] acrux 0003:1A34:0802.0003: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0 [ 123.886361][ T5669] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.969855][ T46] acrux 0003:1A34:0802.0003: no inputs found [ 124.047269][ T46] acrux 0003:1A34:0802.0003: Failed to enable force feedback support, error: -19 [ 124.105387][ T5669] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.375296][ T5669] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.388410][ T5669] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.400383][ T5669] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.420881][ T5669] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.601787][ T5679] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 124.824152][ T5679] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.846346][ T5679] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 124.856789][ T5679] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 124.871201][ T5679] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 124.881288][ T5679] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.904634][ T5679] usb 2-1: config 0 descriptor?? [ 125.268398][ T5703] usb 4-1: USB disconnect, device number 2 [ 125.419935][ T5679] acrux 0003:1A34:0802.0004: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.1-1/input0 [ 125.554503][ T5679] acrux 0003:1A34:0802.0004: no inputs found [ 125.734702][ T5679] acrux 0003:1A34:0802.0004: Failed to enable force feedback support, error: -19 [ 126.620897][ T5732] netlink: 8 bytes leftover after parsing attributes in process `syz.0.110'. [ 127.072522][ T5330] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 128.547009][ T5747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.112'. [ 128.647201][ T5752] binder: 5750:5752 ioctl 4018620d 0 returned -22 [ 128.668680][ T5752] binder: 5750:5752 ioctl c0306201 0 returned -14 [ 128.687221][ T5752] binder: 5750:5752 ioctl c0306201 0 returned -14 [ 129.171942][ T5752] FAULT_INJECTION: forcing a failure. [ 129.171942][ T5752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 129.221339][ T5752] CPU: 0 UID: 0 PID: 5752 Comm: syz.4.116 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 129.232015][ T5752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 129.242201][ T5752] Call Trace: [ 129.245516][ T5752] [ 129.248469][ T5752] dump_stack_lvl+0x241/0x360 [ 129.253174][ T5752] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.258378][ T5752] ? __pfx__printk+0x10/0x10 [ 129.262982][ T5752] ? __pfx_lock_release+0x10/0x10 [ 129.268014][ T5752] ? __lock_acquire+0x137a/0x2040 [ 129.273049][ T5752] should_fail_ex+0x3b0/0x4e0 [ 129.277731][ T5752] _copy_from_user+0x2f/0xe0 [ 129.282331][ T5752] kstrtouint_from_user+0xc6/0x190 [ 129.287449][ T5752] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 129.293183][ T5752] ? __pfx_lock_acquire+0x10/0x10 [ 129.298222][ T5752] proc_fail_nth_write+0xaa/0x2d0 [ 129.303256][ T5752] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 129.309767][ T5752] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 129.315858][ T5752] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 129.321705][ T5752] vfs_write+0x2a2/0xc90 [ 129.326274][ T5752] ? __pfx_vfs_write+0x10/0x10 [ 129.331249][ T5752] ? __fget_files+0x29/0x470 [ 129.335923][ T5752] ? __fget_files+0x3f6/0x470 [ 129.340828][ T5752] ksys_write+0x1a0/0x2c0 [ 129.345183][ T5752] ? __pfx_ksys_write+0x10/0x10 [ 129.350042][ T5752] ? do_syscall_64+0x100/0x230 [ 129.354817][ T5752] ? do_syscall_64+0xb6/0x230 [ 129.359498][ T5752] do_syscall_64+0xf3/0x230 [ 129.364008][ T5752] ? clear_bhb_loop+0x35/0x90 [ 129.368691][ T5752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.374588][ T5752] RIP: 0033:0x7f4b2e57849f [ 129.379002][ T5752] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48 [ 129.398618][ T5752] RSP: 002b:00007f4b2f3bd030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 129.407050][ T5752] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4b2e57849f [ 129.415039][ T5752] RDX: 0000000000000001 RSI: 00007f4b2f3bd0a0 RDI: 0000000000000005 [ 129.423020][ T5752] RBP: 00007f4b2f3bd090 R08: 0000000000000000 R09: 0000000000000000 [ 129.431001][ T5752] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 129.438985][ T5752] R13: 0000000000000000 R14: 00007f4b2e715f80 R15: 00007ffd45e3ef88 [ 129.446981][ T5752] [ 129.454211][ T5679] usb 2-1: USB disconnect, device number 4 [ 130.753071][ T5770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.121'. [ 130.954414][ T5758] capability: warning: `syz.2.119' uses 32-bit capabilities (legacy support in use) [ 131.211757][ T5276] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 132.264220][ T5276] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 132.367622][ T5276] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 132.377568][ T5276] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 132.397508][ T5276] usb 5-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 132.408512][ T5276] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.424869][ T5276] usb 5-1: config 0 descriptor?? [ 132.550602][ T5795] netlink: 4 bytes leftover after parsing attributes in process `syz.0.127'. [ 132.580272][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 132.705419][ T5276] usbhid 5-1:0.0: can't add hid device: -71 [ 133.247333][ T5276] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 133.287878][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.297436][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.314999][ T5276] usb 5-1: USB disconnect, device number 4 [ 133.615451][ T5811] FAULT_INJECTION: forcing a failure. [ 133.615451][ T5811] name failslab, interval 1, probability 0, space 0, times 0 [ 133.698190][ T5811] CPU: 0 UID: 0 PID: 5811 Comm: syz.1.133 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 133.708839][ T5811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 133.718903][ T5811] Call Trace: [ 133.722189][ T5811] [ 133.725123][ T5811] dump_stack_lvl+0x241/0x360 [ 133.729826][ T5811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.735061][ T5811] ? __pfx__printk+0x10/0x10 [ 133.739691][ T5811] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 133.745687][ T5811] ? __pfx___might_resched+0x10/0x10 [ 133.750989][ T5811] should_fail_ex+0x3b0/0x4e0 [ 133.755694][ T5811] should_failslab+0xac/0x100 [ 133.760403][ T5811] ? __alloc_skb+0x1c3/0x440 [ 133.765024][ T5811] kmem_cache_alloc_node_noprof+0x71/0x320 [ 133.770844][ T5811] ? br_get_link_af_size_filtered+0xdb/0xd30 [ 133.776843][ T5811] __alloc_skb+0x1c3/0x440 [ 133.781276][ T5811] ? __pfx___alloc_skb+0x10/0x10 [ 133.786227][ T5811] ? if_nlmsg_size+0x74f/0x7a0 [ 133.791003][ T5811] ? if_nlmsg_size+0x53a/0x7a0 [ 133.795776][ T5811] rtmsg_ifinfo_build_skb+0x84/0x260 [ 133.801082][ T5811] ? in6_dev_get+0x22a/0x290 [ 133.805717][ T5811] ? notifier_call_chain+0x162/0x3e0 [ 133.811023][ T5811] rtmsg_ifinfo+0x91/0x1b0 [ 133.815461][ T5811] netdev_state_change+0x139/0x1a0 [ 133.820590][ T5811] ? __pfx_netdev_state_change+0x10/0x10 [ 133.826331][ T5811] ? __nla_parse+0x40/0x60 [ 133.830777][ T5811] do_setlink+0x3e3/0x41f0 [ 133.835218][ T5811] ? stack_trace_save+0x118/0x1d0 [ 133.840265][ T5811] ? __lock_acquire+0x137a/0x2040 [ 133.845331][ T5811] ? __pfx_stack_trace_save+0x10/0x10 [ 133.850809][ T5811] ? __pfx_do_setlink+0x10/0x10 [ 133.855780][ T5811] ? __nla_validate_parse+0x26ce/0x3090 [ 133.861381][ T5811] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 133.867675][ T5811] ? rtnl_newlink+0xf2/0x20a0 [ 133.872394][ T5811] ? __pfx___nla_validate_parse+0x10/0x10 [ 133.878594][ T5811] ? validate_linkmsg+0x71e/0x900 [ 133.883654][ T5811] rtnl_newlink+0x1119/0x20a0 [ 133.888512][ T5811] ? rtnl_newlink+0xb01/0x20a0 [ 133.893416][ T5811] ? __pfx_rtnl_newlink+0x10/0x10 [ 133.898905][ T5811] ? __pfx___mutex_trylock_common+0x10/0x10 [ 133.904928][ T5811] ? rcu_is_watching+0x15/0xb0 [ 133.909729][ T5811] ? trace_contention_end+0x3c/0x120 [ 133.915147][ T5811] ? __mutex_lock+0x2ef/0xd70 [ 133.920526][ T5811] ? __pfx_lock_release+0x10/0x10 [ 133.926237][ T5811] ? __pfx_rtnl_newlink+0x10/0x10 [ 133.931382][ T5811] rtnetlink_rcv_msg+0x73f/0xcf0 [ 133.936633][ T5811] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 133.941898][ T5811] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 133.947884][ T5811] ? ref_tracker_free+0x643/0x7e0 [ 133.952975][ T5811] netlink_rcv_skb+0x1e3/0x430 [ 133.957963][ T5811] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 133.963785][ T5811] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.969552][ T5811] ? netlink_deliver_tap+0x2e/0x1b0 [ 133.975625][ T5811] netlink_unicast+0x7f0/0x990 [ 133.980439][ T5811] ? __pfx_netlink_unicast+0x10/0x10 [ 133.986208][ T5811] ? __virt_addr_valid+0x183/0x530 [ 133.991612][ T5811] ? __check_object_size+0x49c/0x900 [ 133.997515][ T5811] ? bpf_lsm_netlink_send+0x9/0x10 [ 134.002654][ T5811] netlink_sendmsg+0x8e4/0xcb0 [ 134.007454][ T5811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.012765][ T5811] ? __import_iovec+0x536/0x820 [ 134.017637][ T5811] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 134.023025][ T5811] ? security_socket_sendmsg+0x87/0xb0 [ 134.028499][ T5811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 134.033804][ T5811] __sock_sendmsg+0x221/0x270 [ 134.038508][ T5811] ____sys_sendmsg+0x525/0x7d0 [ 134.043293][ T5811] ? __pfx_____sys_sendmsg+0x10/0x10 [ 134.048611][ T5811] __sys_sendmsg+0x2b0/0x3a0 [ 134.053225][ T5811] ? __pfx___sys_sendmsg+0x10/0x10 [ 134.058345][ T5811] ? vfs_write+0x7c4/0xc90 [ 134.062978][ T5811] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 134.069325][ T5811] ? do_syscall_64+0x100/0x230 [ 134.074100][ T5811] ? do_syscall_64+0xb6/0x230 [ 134.078874][ T5811] do_syscall_64+0xf3/0x230 [ 134.083516][ T5811] ? clear_bhb_loop+0x35/0x90 [ 134.089056][ T5811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 134.095875][ T5811] RIP: 0033:0x7f8dc3b799b9 [ 134.100313][ T5811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 134.119932][ T5811] RSP: 002b:00007f8dc49e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 134.128361][ T5811] RAX: ffffffffffffffda RBX: 00007f8dc3d15f80 RCX: 00007f8dc3b799b9 [ 134.136350][ T5811] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 134.144430][ T5811] RBP: 00007f8dc49e3090 R08: 0000000000000000 R09: 0000000000000000 [ 134.152413][ T5811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 134.160397][ T5811] R13: 0000000000000000 R14: 00007f8dc3d15f80 R15: 00007ffc972fa648 [ 134.168394][ T5811] [ 134.192153][ T5815] netlink: 44 bytes leftover after parsing attributes in process `syz.0.134'. [ 134.495782][ T5276] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 134.674060][ T5276] usb 5-1: device descriptor read/64, error -71 [ 135.241944][ T5276] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 135.588859][ T5276] usb 5-1: device descriptor read/64, error -71 [ 138.167693][ T5276] usb usb5-port1: attempt power cycle [ 138.801356][ T5833] netlink: 8 bytes leftover after parsing attributes in process `syz.0.137'. [ 140.671704][ T29] audit: type=1326 audit(1723763225.743:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5847 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35d65799b9 code=0x7ffc0000 [ 141.402336][ T5331] IPVS: starting estimator thread 0... [ 141.422379][ T29] audit: type=1326 audit(1723763225.743:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5847 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35d65799b9 code=0x7ffc0000 [ 141.463018][ T29] audit: type=1326 audit(1723763225.753:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5847 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f35d65799b9 code=0x7ffc0000 [ 141.511815][ T5858] IPVS: using max 15 ests per chain, 36000 per kthread [ 141.731249][ T29] audit: type=1326 audit(1723763225.753:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5847 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35d65799b9 code=0x7ffc0000 [ 141.886708][ T29] audit: type=1326 audit(1723763225.763:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5847 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35d65799b9 code=0x7ffc0000 [ 141.951852][ T5331] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 142.027669][ T29] audit: type=1326 audit(1723763225.763:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5847 comm="syz.3.142" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f35d65799b9 code=0x7ffc0000 [ 142.104615][ T5870] netlink: 'syz.1.146': attribute type 1 has an invalid length. [ 142.154409][ T5870] netlink: 224 bytes leftover after parsing attributes in process `syz.1.146'. [ 142.185389][ T5331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.220651][ T5331] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.255019][ T5331] usb 5-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 142.283991][ T5331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.310267][ T5331] usb 5-1: config 0 descriptor?? [ 142.770004][ T5331] wacom 0003:056A:00D0.0005: unknown main item tag 0x0 [ 143.117361][ T5331] wacom 0003:056A:00D0.0005: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 143.690326][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.712266][ T5331] wacom 0003:056A:00D0.0005: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.4-1/input0 [ 143.739944][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.765255][ T5331] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:00D0.0005/input/input6 [ 143.801823][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.844607][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.879947][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.923758][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.955066][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 143.991208][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.012064][ T5276] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 144.035302][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.068933][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.107793][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.135422][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.162557][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.180518][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.194361][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.203984][ T5866] netlink: 'syz.3.145': attribute type 1 has an invalid length. [ 144.214202][ T5870] nvme_fabrics: missing parameter 'transport=%s' [ 144.246012][ T5276] usb 1-1: config 0 has no interfaces? [ 144.273311][ T5866] netlink: 224 bytes leftover after parsing attributes in process `syz.3.145'. [ 144.273407][ T5870] nvme_fabrics: missing parameter 'nqn=%s' [ 144.285743][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.300002][ T5276] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 144.340611][ T5276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.351953][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.368667][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.381949][ T5276] usb 1-1: config 0 descriptor?? [ 144.433971][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.473332][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.498792][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.529649][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.541229][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.553125][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.584886][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.644309][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.709219][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.778998][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.808051][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.855028][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.892412][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.944007][ T5273] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 144.986286][ T5273] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz0 [ 145.057483][ T5331] usb 5-1: USB disconnect, device number 8 [ 146.796626][ T5273] usb 1-1: USB disconnect, device number 4 [ 147.625179][ T5933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.164'. [ 147.642996][ T5933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.164'. [ 147.675946][ T5933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.164'. [ 147.881594][ T5940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.893190][ T5273] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 147.923792][ T5940] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.114060][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.153641][ T5273] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.171973][ T5273] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 148.186642][ T5273] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 148.197748][ T5273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.822219][ T5330] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 149.155437][ T5273] usb 1-1: config 0 descriptor?? [ 149.620818][ T5273] acrux 0003:1A34:0802.0007: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 149.661934][ T5273] acrux 0003:1A34:0802.0007: no inputs found [ 149.684062][ T5273] acrux 0003:1A34:0802.0007: Failed to enable force feedback support, error: -19 [ 151.194210][ T5679] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 156.357215][ T5273] usb 1-1: reset high-speed USB device number 5 using dummy_hcd [ 255.861595][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 255.869439][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5222/1:b..l [ 255.878328][ C0] rcu: (detected by 0, t=10503 jiffies, g=12581, q=340 ncpus=2) [ 255.886569][ C0] task:syz-executor state:R running task stack:19984 pid:5222 tgid:5222 ppid:5218 flags:0x00004000 [ 255.900639][ C0] Call Trace: [ 255.904049][ C0] [ 255.907023][ C0] __schedule+0x17ae/0x4a10 [ 255.911595][ C0] ? __pfx___schedule+0x10/0x10 [ 255.916509][ C0] ? copy_pmd_range+0x7a7a/0x8500 [ 255.921578][ C0] ? preempt_schedule+0xe1/0xf0 [ 255.926470][ C0] preempt_schedule_common+0x84/0xd0 [ 255.931916][ C0] preempt_schedule+0xe1/0xf0 [ 255.936646][ C0] ? __pfx_preempt_schedule+0x10/0x10 [ 255.942065][ C0] ? __page_table_check_ptes_set+0x30f/0x410 [ 255.948149][ C0] ? copy_pmd_range+0x7a7a/0x8500 [ 255.953353][ C0] preempt_schedule_thunk+0x1a/0x30 [ 255.959042][ C0] _raw_spin_unlock+0x3e/0x50 [ 255.963779][ C0] copy_pmd_range+0x7ad5/0x8500 [ 255.968707][ C0] ? __pfx_copy_pmd_range+0x10/0x10 [ 255.973952][ C0] ? look_up_lock_class+0x77/0x160 [ 255.979126][ C0] ? register_lock_class+0x102/0x980 [ 255.984463][ C0] ? __pfx_register_lock_class+0x10/0x10 [ 255.990143][ C0] ? mark_lock+0x9a/0x350 [ 255.994529][ C0] ? __lock_acquire+0x137a/0x2040 [ 255.999637][ C0] copy_page_range+0x99f/0xe90 [ 256.004479][ C0] ? __pfx_copy_page_range+0x10/0x10 [ 256.009821][ C0] ? __pfx_up_write+0x10/0x10 [ 256.014705][ C0] ? __asan_memset+0x23/0x50 [ 256.019423][ C0] ? __pfx_vma_interval_tree_augment_rotate+0x10/0x10 [ 256.026406][ C0] ? vma_interval_tree_insert_after+0x259/0x2b0 [ 256.032704][ C0] copy_mm+0x11ea/0x1f30 [ 256.037015][ C0] ? __pfx_copy_mm+0x10/0x10 [ 256.041654][ C0] ? __init_rwsem+0x122/0x160 [ 256.046364][ C0] ? copy_signal+0x549/0x670 [ 256.050999][ C0] copy_process+0x187c/0x3e10 [ 256.055737][ C0] ? copy_process+0x9fa/0x3e10 [ 256.060549][ C0] ? __pfx_copy_process+0x10/0x10 [ 256.065639][ C0] kernel_clone+0x223/0x870 [ 256.070194][ C0] ? __pfx_kernel_clone+0x10/0x10 [ 256.075375][ C0] __x64_sys_clone+0x258/0x2a0 [ 256.080187][ C0] ? __pfx___x64_sys_clone+0x10/0x10 [ 256.085513][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 256.091551][ C0] ? exc_page_fault+0x590/0x8c0 [ 256.096445][ C0] ? do_syscall_64+0xb6/0x230 [ 256.101158][ C0] do_syscall_64+0xf3/0x230 [ 256.105698][ C0] ? clear_bhb_loop+0x35/0x90 [ 256.110420][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.116362][ C0] RIP: 0033:0x7f36c7570213 [ 256.120839][ C0] RSP: 002b:00007ffdd2cfcad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 256.129302][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f36c7570213 [ 256.137307][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 256.145307][ C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 256.153390][ C0] R10: 00005555743cc7d0 R11: 0000000000000246 R12: 0000000000000000 [ 256.161392][ C0] R13: 0000000000024c98 R14: 0000000000024c14 R15: 00007ffdd2cfcc60 [ 256.169415][ C0] [ 256.172461][ C0] rcu: rcu_preempt kthread starved for 10482 jiffies! g12581 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 256.183683][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 256.193680][ C0] rcu: RCU grace-period kthread stack dump: [ 256.199593][ C0] task:rcu_preempt state:R running task stack:24464 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 256.211378][ C0] Call Trace: [ 256.214685][ C0] [ 256.217645][ C0] __schedule+0x17ae/0x4a10 [ 256.222218][ C0] ? __pfx___schedule+0x10/0x10 [ 256.227114][ C0] ? __pfx_lock_release+0x10/0x10 [ 256.232177][ C0] ? __asan_memset+0x23/0x50 [ 256.236805][ C0] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 256.242657][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 256.249118][ C0] ? schedule+0x90/0x320 [ 256.253401][ C0] schedule+0x14b/0x320 [ 256.257599][ C0] schedule_timeout+0x1be/0x310 [ 256.262488][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 256.267904][ C0] ? __pfx_process_timeout+0x10/0x10 [ 256.273495][ C0] ? prepare_to_swait_event+0x32e/0x350 [ 256.279084][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 256.283970][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 256.289225][ C0] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 256.295336][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 256.300655][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 256.306688][ C0] ? finish_swait+0xd4/0x1e0 [ 256.311322][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 256.315965][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 256.321206][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 256.327144][ C0] ? __kthread_parkme+0x169/0x1d0 [ 256.332222][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 256.337457][ C0] kthread+0x2f0/0x390 [ 256.341567][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 256.346795][ C0] ? __pfx_kthread+0x10/0x10 [ 256.351433][ C0] ret_from_fork+0x4b/0x80 [ 256.355896][ C0] ? __pfx_kthread+0x10/0x10 [ 256.360533][ C0] ret_from_fork_asm+0x1a/0x30 [ 256.365356][ C0] [ 256.368401][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 256.374754][ C0] Sending NMI from CPU 0 to CPUs 1: [ 256.380003][ C1] NMI backtrace for cpu 1 [ 256.380016][ C1] CPU: 1 UID: 0 PID: 5979 Comm: syz.3.177 Not tainted 6.11.0-rc3-syzkaller-00066-g1fb918967b56 #0 [ 256.380037][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 256.380047][ C1] RIP: 0010:kasan_check_range+0x5/0x290 [ 256.380075][ C1] Code: 8d e8 5f 9b e3 ff 90 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 55 <41> 57 41 56 41 54 53 b0 01 48 85 f6 0f 84 a0 01 00 00 4c 8d 04 37 [ 256.380089][ C1] RSP: 0018:ffffc90000a18d30 EFLAGS: 00000056 [ 256.380109][ C1] RAX: 0000000000000001 RBX: dffffc0000000000 RCX: ffffffff8171323f [ 256.380122][ C1] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc90000a18da0 [ 256.380133][ C1] RBP: ffffc90000a18e10 R08: ffff8880b932c883 R09: 1ffff11017265910 [ 256.380146][ C1] R10: dffffc0000000000 R11: ffffed1017265911 R12: ffff8880b932c880 [ 256.380159][ C1] R13: 1ffff920001431b4 R14: ffffc90000a18da0 R15: 1ffff11017265911 [ 256.380172][ C1] FS: 00007f35d733b6c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 256.380188][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 256.380200][ C1] CR2: 00007f4b2f359f98 CR3: 000000007ca38000 CR4: 00000000003506f0 [ 256.380215][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 256.380225][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 256.380236][ C1] Call Trace: [ 256.380242][ C1] [ 256.380249][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 256.380272][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 256.380298][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 256.380319][ C1] ? nmi_handle+0x2a/0x5a0 [ 256.380346][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 256.380368][ C1] ? nmi_handle+0x14f/0x5a0 [ 256.380384][ C1] ? nmi_handle+0x2a/0x5a0 [ 256.380401][ C1] ? kasan_check_range+0x5/0x290 [ 256.380422][ C1] ? default_do_nmi+0x63/0x160 [ 256.380445][ C1] ? exc_nmi+0x123/0x1f0 [ 256.380465][ C1] ? end_repeat_nmi+0xf/0x53 [ 256.380490][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 256.380511][ C1] ? kasan_check_range+0x5/0x290 [ 256.380533][ C1] ? kasan_check_range+0x5/0x290 [ 256.380556][ C1] ? kasan_check_range+0x5/0x290 [ 256.380577][ C1] [ 256.380583][ C1] [ 256.380589][ C1] do_raw_spin_lock+0x14f/0x370 [ 256.380609][ C1] ? __pfx_lock_release+0x10/0x10 [ 256.380635][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 256.380654][ C1] ? seqcount_lockdep_reader_access+0x1c1/0x220 [ 256.380683][ C1] _raw_spin_lock_irqsave+0xe1/0x120 [ 256.380707][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 256.380730][ C1] ? sched_clock_cpu+0x76/0x490 [ 256.380748][ C1] ? ktime_get+0x9b/0xb0 [ 256.380767][ C1] ? lapic_next_event+0x11/0x20 [ 256.380809][ C1] ? clockevents_program_event+0x240/0x350 [ 256.380836][ C1] hrtimer_interrupt+0xfb/0x990 [ 256.380857][ C1] ? sched_clock_cpu+0x76/0x490 [ 256.380877][ C1] ? irqtime_account_irq+0xd4/0x1e0 [ 256.380901][ C1] ? __pfx_sched_clock_cpu+0x10/0x10 [ 256.380920][ C1] ? __irq_exit_rcu+0x100/0x1c0 [ 256.380942][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 256.380968][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 256.380997][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 256.381023][ C1] [ 256.381029][ C1] [ 256.381035][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 256.381055][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 256.381079][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 3e c7 3f f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 83 20 ab f5 65 8b 05 f4 f5 4b 74 85 c0 74 43 48 c7 04 24 0e 36 [ 256.381093][ C1] RSP: 0018:ffffc90016097b80 EFLAGS: 00000206 [ 256.381112][ C1] RAX: bd29c33d3b5af500 RBX: 1ffff92002c12f74 RCX: ffffffff94cea903 [ 256.381125][ C1] RDX: dffffc0000000000 RSI: ffffffff8bead560 RDI: 0000000000000001 [ 256.381137][ C1] RBP: ffffc90016097c10 R08: ffffffff8ff6a6af R09: 1ffffffff1fed4d5 [ 256.381150][ C1] R10: dffffc0000000000 R11: fffffbfff1fed4d6 R12: dffffc0000000000 [ 256.381163][ C1] R13: 1ffff92002c12f70 R14: ffffc90016097ba0 R15: 0000000000000246 [ 256.381187][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.381212][ C1] ? __send_signal_locked+0xb44/0xdc0 [ 256.381230][ C1] ? __lock_task_sighand+0x29/0x2d0 [ 256.381250][ C1] group_send_sig_info+0x2e0/0x310 [ 256.381270][ C1] ? __pfx_group_send_sig_info+0x10/0x10 [ 256.381290][ C1] ? __pfx_signal_setup_done+0x10/0x10 [ 256.381314][ C1] bpf_send_signal_common+0x2dd/0x430 [ 256.381339][ C1] ? __pfx_bpf_send_signal_common+0x10/0x10 [ 256.381362][ C1] ? __pfx___cant_migrate+0x10/0x10 [ 256.381389][ C1] ? bpf_trace_run2+0x1fc/0x540 [ 256.381408][ C1] bpf_send_signal+0x19/0x30 [ 256.381434][ C1] bpf_prog_7ba5217f62dcd359+0x40/0x44 [ 256.381450][ C1] bpf_trace_run2+0x2ec/0x540 [ 256.381473][ C1] ? __pfx_bpf_trace_run2+0x10/0x10 [ 256.381491][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 256.381517][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 256.381542][ C1] ? do_syscall_64+0x100/0x230 [ 256.381561][ C1] trace_sys_enter+0x93/0xd0 [ 256.381576][ C1] syscall_trace_enter+0xf8/0x150 [ 256.381594][ C1] do_syscall_64+0xcc/0x230 [ 256.381611][ C1] ? clear_bhb_loop+0x35/0x90 [ 256.381632][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.381651][ C1] RIP: 0033:0x7f35d6515319 [ 256.381664][ C1] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 256.381677][ C1] RSP: 002b:00007f35d733ab40 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 256.381694][ C1] RAX: ffffffffffffffda RBX: 00007f35d6715f88 RCX: 00007f35d6515319 [ 256.381706][ C1] RDX: 00007f35d733ab40 RSI: 00007f35d733ac70 RDI: 0000000000000011 [ 256.381718][ C1] RBP: 00007f35d6715f80 R08: 0000000000000000 R09: 0000000000000000 [ 256.381728][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35d6715f8c [ 256.381739][ C1] R13: 0000000000000000 R14: 00007ffc22c976d0 R15: 00007ffc22c977b8 [ 256.381761][ C1] [ 263.011839][ C1] hrtimer: interrupt took 390687 ns