last executing test programs: 1m22.831335142s ago: executing program 3 (id=2671): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e0500"], 0xffdd) (fail_nth: 3) 1m20.671834748s ago: executing program 3 (id=2679): prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) r3 = fsopen(&(0x7f0000000040)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000000)='source', &(0x7f00000001c0)='%(\x1f\xf3PI\x02n\x16u{4\x9e+\xfd\xd9\xb2\xae\x1d\xbb\x16\xca[', 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r4) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x40046207, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) socket(0x0, 0x0, 0x10000000000002) r6 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r6, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x27}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x71}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'rr\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}]}]}, 0x4c}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)) getpid() sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) syz_emit_ethernet(0x199, &(0x7f00000003c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa86082b9827c186dd6000000001633a00fc020000000000000000000000000000ff020000000000000000000000000001010690780600000060317413000000000000000000000000000000000000000020010000000000000000000000000000000000000000000000001078640000002f09000000000000c204fffff20605020006040107c910fe8000000000000000000000000000aa072800000001080800000080000000000000cadbf348b306008000000000000000000000000000f9650000000000000000000000000088000001670000003600000000000000c204000000ea0000000c040600400200fe880000000000000000000000000101fe80000000000000000000000000000000000000000000000000ffff00000000fe8000000000000000000000000000bb00000000000000000000ffff640101010000000000000000000000000000000142c868f94d11794807264c87b7c895c994bdff1aae2b83ea26d45d7163b27be2de9b062f3fbdf8918abc1cd0fb56ca63eb637bc84ba2e2c9b08d6cdfb8a5e4627c94363ed55d23daf9fb51"], 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) pipe2$watch_queue(&(0x7f00000000c0), 0x80) 1m7.554012694s ago: executing program 0 (id=2706): socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000240)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup(r4, &(0x7f00000000c0)='syz1\x00', 0x1ff) write$cgroup_pid(r5, &(0x7f0000000080), 0x12) 1m5.620228811s ago: executing program 0 (id=2708): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ioctl$DRM_IOCTL_MODE_SETGAMMA(0xffffffffffffffff, 0xc02064a5, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) pipe2$9p(0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) open(0x0, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x42d00) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RTC_WKALM_SET(r5, 0x5452, &(0x7f0000000040)={0x0, 0x0, {0x200000}}) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r6]) 12.307220636s ago: executing program 2 (id=2804): socket$nl_generic(0x10, 0x3, 0x10) r0 = getuid() setreuid(0x0, r0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000002cc0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000002d00)={'wlan0\x00'}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r3, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4e26ad], 0x1, 0x400}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000080)={&(0x7f00000016c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x1, 0x400}) sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000002d40)=ANY=[@ANYBLOB="010000000000000000001600000008000300", @ANYBLOB="0324"], 0x28}}, 0x0) mkdir(0x0, 0x0) open(&(0x7f0000000480)='.\x00', 0x0, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a31000000000800410072786500140033006c6f000000000000eaff0000000000006ff405e36eb398530d360d6a1f80a0963014c4e37124ac30b43e6a3562ee3f09c70b6f01d7b40b2666d6cf3f6e8921331cfdf69c38f0d4c7cf8df6d2c73362f71d86f641953057a5c26aa373690e9ea4986f50c35f1b0bb8ef6025c5250012ddb4c116e98fdea15c746c2e9cae2e63"], 0x38}}, 0x0) getpid() open(&(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x0, 0x261, 0x2}, 0x48) open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 11.084037988s ago: executing program 2 (id=2805): bind$alg(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, 0x0) r0 = io_uring_setup(0x2234, &(0x7f0000000080)={0x0, 0xfffffffd, 0x2, 0x5, 0x2bf}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000040)=[{0x0, 0xffffffff00000000}], &(0x7f0000000100), 0x7}, 0x20) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r0, 0xe, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}], 0x0, 0x1}, 0x20) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, &(0x7f0000000300)=[{}, {}, {0x0, 0x0, 0x0, 0x8}]}, 0x90) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) r2 = socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@mcast2, @in=@private=0xa010102, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x7, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x6c}, 0xa, @in6=@private2, 0x0, 0x4}}, 0xe8) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r4, &(0x7f0000001a40)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000300)="a0", 0x1}], 0x1}], 0x1, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000140)={'sit0\x00', 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) lseek(r5, 0x0, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYBLOB="a0000000", @ANYRES16=0x0, @ANYBLOB="3704000000000000000001000000840008804c000080240002007783be853b0c2637147a3298e6a2a2baa30ff35c4307914886d66c0aa0411062000002006c8c9c2bd087ac82f2242fdf6d3889d15801352027cc95f65febb31d809e9edf0c00008000000300040000002800008024000100000000000000000000000000000000000000000000000000000000000000e8ff07000100fb347dd27283e181e062e9b5610acc9bbede2a7ce625", @ANYRES32=0x0, @ANYBLOB], 0xf4}}, 0x80448c1) pipe2$watch_queue(0x0, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) socket$inet(0x2, 0x80001, 0x84) sendmmsg$inet(r4, &(0x7f0000000bc0)=[{{&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000200)="b1", 0x1}], 0x1}}, {{&(0x7f0000000380)={0x2, 0x0, @broadcast}, 0x10, &(0x7f0000000a80)=[{&(0x7f00000003c0)="e4", 0x1}], 0x1}}], 0x2, 0x0) 9.978919739s ago: executing program 2 (id=2807): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) writev(r0, &(0x7f0000002b80)=[{&(0x7f0000002740)="a1", 0x45c}], 0x1) 9.871070433s ago: executing program 3 (id=2701): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) socket$inet6(0xa, 0x3, 0x88) socket$packet(0x11, 0x3, 0x300) write$proc_mixer(0xffffffffffffffff, 0x0, 0xb8) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r4, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg(r4, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x20040051) write$binfmt_script(r4, &(0x7f0000000340)={'#! ', './file0'}, 0xb) socket$inet(0x2, 0x80000, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, 0x0) setsockopt$MRT6_DONE(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r5, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 9.547046456s ago: executing program 2 (id=2808): socket$nl_generic(0x10, 0x3, 0x10) r0 = getuid() setreuid(0x0, r0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) socket$nl_netfilter(0x10, 0x3, 0xc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000002cc0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000002d00)={'wlan0\x00'}) r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r3, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe4e26ad], 0x1, 0x400}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r3, 0x7b1, &(0x7f0000000080)={&(0x7f00000016c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7cb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x1, 0x400}) sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f0000002d40)=ANY=[@ANYRES32, @ANYBLOB="0324"], 0x28}}, 0x0) mkdir(0x0, 0x0) open(&(0x7f0000000480)='.\x00', 0x0, 0x0) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000000300)=ANY=[@ANYBLOB="380000000314010000000000000000000900020073797a31000000000800410072786500140033006c6f000000000000eaff0000000000006ff405e36eb398530d360d6a1f80a0963014c4e37124ac30b43e6a3562ee3f09c70b6f01d7b40b2666d6cf3f6e8921331cfdf69c38f0d4c7cf8df6d2c73362f71d86f641953057a5c26aa373690e9ea4986f50c35f1b0bb8ef6025c5250012ddb4c116e98fdea15c746c2e9cae2e63"], 0x38}}, 0x0) getpid() open(&(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x0, 0x261, 0x2}, 0x48) open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 9.534963867s ago: executing program 4 (id=2809): read$FUSE(0xffffffffffffffff, &(0x7f0000002600)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_clone3(&(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040), 0x0, {0x4000002a}, 0x0, 0x0, 0x0, &(0x7f0000004800)=[0x0, r0, r0, r0, 0x0], 0x5}, 0x58) socket$netlink(0x10, 0x3, 0x8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058560f, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @private2, 0x5}}, 0x0, 0x0, 0x20, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5656be841ee2702e944af80373be266bd1883a68f0000070000000000000000000000000000000000000000000000000000000000000043be94ef00"}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x8200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102376, 0x18fe8}], 0x1, 0x0, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xc63b9e35) read$FUSE(r1, &(0x7f00000005c0)={0x2020}, 0x2020) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000001c0)) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r4, 0x851, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, 0xffffffffffffffc4) socket(0x3, 0xa, 0x8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan0\x00'}) socket(0x2a, 0x2, 0x0) 9.501372322s ago: executing program 1 (id=2810): set_mempolicy(0x4005, &(0x7f0000000000)=0x7e, 0x8) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001800), 0x44c300, 0x0) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) mkdirat(r2, &(0x7f0000000240)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={[{@noprefix}, {@none}, {@subsystem='net_prio'}]}) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000280)={'veth0_to_hsr\x00', {0x2, 0x4e23, @loopback}}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x2, &(0x7f00000002c0)=ANY=[@ANYBLOB="62000000000000007b0a00ff000000001d0a00000000000018100000", @ANYRES32, @ANYBLOB="1000e800000000250000006cd42d130065e100009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x90) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x20000050) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r4 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x11) ioctl$TIOCVHANGUP(r5, 0x5437, 0x0) bind$inet(r4, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000640), 0x0, 0x82) syz_emit_ethernet(0x7c, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6002000b00462f00fe880000000000000000000000000001fe8000000000000000000000000000aa242065580002000097de00000800000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x0) 8.646241177s ago: executing program 4 (id=2811): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000080)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x2b0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8], [0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x6, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8fca, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001, 0x0, 0x0, 0x0, 0xa90d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x40000000015, 0x5, 0x0) r4 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x360b, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4}, &(0x7f0000000340)=0x0, 0x0) syz_io_uring_submit(r6, r5, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r4, 0xb15, 0x0, 0x0, 0x0, 0x0) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000080)={0x28, 0x0, 0x0, @hyper}, 0x10) accept4$vsock_stream(r7, 0x0, 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r8, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) dup(r8) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4800c}, 0x0) 8.342959653s ago: executing program 3 (id=2812): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) socket$inet6(0xa, 0x3, 0x88) socket$packet(0x11, 0x3, 0x300) write$proc_mixer(0xffffffffffffffff, 0x0, 0xb8) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x20040051) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340)={'#! ', './file0'}, 0xb) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000040)=@gcm_256={{}, "a2879a2323b8254e", "86dd270f98c60203791922c5acce09cc4c1afd8c02f79131becff587e9572ef9", "770c937d", "5590a6b25e516d6a"}, 0x38) socket$inet(0x2, 0x80000, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, 0x0) setsockopt$MRT6_DONE(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 5.941177594s ago: executing program 4 (id=2813): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) write$binfmt_script(r0, 0x0, 0xfffffdcc) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x1a8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000480], 0x0, 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000001b000012000000004b28c962170b7020000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000086dd6361696630000000000000000000000076657468315f746f5f7465616d00000073797a6b616c6c65723100000000000076657468315f746f5f7465616d000000aaaaaaaaaabb0000000000000180c20000000000000000000000e8000000e80000001801000069703600000100000000000009000000000000000000000000000000000000005000000000010000fe80000000000000000000000000000000000000000000000000ffffac1e000000448c1ac46f9221775ce76daa853d0000000000000000004000000000000000000080000000000000010000000000063e004904004a194dc2f70d04a500000000000000000000000800000000000400"/424]}, 0x220) r2 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000001502", @ANYRES8=r2], 0x3c}}, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYBLOB], 0x3c}, 0x1, 0x2000000000000000}, 0x0) 5.862830547s ago: executing program 2 (id=2814): r0 = socket(0x10, 0x803, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x64}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="6000000002060500b56ec43879f08e000000000000c00500000700000211000300686173682a69702c706f720400000000020073797a320000000005000400130000001400078008001300000905001500020000000500050000000000050004"], 0x60}}, 0x0) bind$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @local}, 0x20) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r6 = socket$key(0xf, 0x3, 0x2) sendfile(r6, r1, 0x0, 0x600) r7 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)=ANY=[@ANYBLOB="380000000314010000000000000000080900020073797a30000000000800410072786500140033006c6f"], 0x38}}, 0x0) sendmsg$nl_route(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="34000000100001f8ffffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b8008000100", @ANYRES32, @ANYBLOB="08001b"], 0x34}}, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000200)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0xfffffff3]}}) 5.806923028s ago: executing program 1 (id=2815): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, &(0x7f0000000040)={0x0, 0x0, "ae95c69400311d48aad0bff5434e4daefeebbdfe3198b929fed36aae687d362c2d866ff14a0cbec8b491d56b52b140eda575852ea81921ebff746d451657e65d0811e5987eac486c9c4b75c4ff6aafb611cd7d03cbfbd9e500d9cb12cf3f19ee82e9b469a8cf57f61583f3bac73b19c5a450293e4710c264514b37c7fa25e36383a27a84d5a4c0e18de5a1797c673863cc00dc5cdc32c1258d84c073535e5deff67705562d14d97b87083ee4d46c2ca0fce82cfb9dbd65fac7a0ee3f343365d654fe8ab11cc98ca5c93434e40115965798a90c26c17a88eb3cdca0696b1c499a07bc1bb0be5b081894d9d8a6c33ceef29631b455362d75701de885445f54041d", "1296de93d42abc942a6fcff4a23adae0c2631cfb9500a8620adf1c360b8f47dce7c2b4bcecc57bc566e09f34ec744e1d981896bc465305253f59ea34aa23152317847405bd362bd5386481795d0ce05c0136607206492a7b73c35ccdf2d231ea2c288fcd61e5edd1b9a44ee645bcb16ad18aa4031e32b85059c9f27764c0fc113d5e02bc6d37e484537f225b64d0b4c5922b9a9a96e927973556251495945bb9254acea71793a6547fdbe626b61ff774b328ffab05567144f750b3ac185f43a0b904e2c5843a93dbca340c5bfe586abb0a0bdff03d367a5836a3dd0062d94550de352d712167b87b907f50e8884dfb47f8b586b25cb8c15eeebca606d82a44b4e4efeae61f6d4aff2ad6ed6e66439884905619707bf24cd18527b88e3fe5237bcb9ea28ca7410d1ed1a4ad410871da87b75bd880ed100d53ebcac789a647ecf7c70bda96f8c4e128a5183c4fb6e93bd4d7187dcc43bfb7540602050b28f2d2745c3353a81dd60920bfc2100bccde902f1cc5e1b9cc354f9c3936db7b13cb2ca3b5de486cb7af0824a20a0adf1dd9452bba5780eebce1a5299aaa66806475b54c443f730636e15fec969f06dc2662115f842123b4a7f05fb923bff4d5a9a0d3611d8380f5c189492c0c32697851698882e7cac74617cf725bd5ef186fdfa0d3ee91afcbc07d22d7f3d59ddc41cc62b5a22c11f652ffa6272cceefdc3fde005251740c8e023965f6a6325be94603c0564052a254e5adc05c8a335d3cc4c364ce4aa05ae2bf39b02630d39abe1026e8f2493c45278ec983e27689eeed4849c58d8b451263f015c7e9b41727b8b920d7fc422ef5804bb4e0492588fa1c5a20bd964e6ab5ac52f6ff54e2c3d6f6a84502d395d8792fe9a9c5391300dbf91c9a13ba77f2d181ce7e47fab67cd96bc8f062e9c5bb4b9b8fbfbdd5487e8c3eb50232fd5db02e5c3d24e7b6de8d1c24c38c44d1b783a4b17950615dd3aff36df8af574d3e8714ee859995c2195d72a53a925a0ba5ebc1879f287ad9a2f5feaacd394d7bc5e0ea87347efb54c5dbf74b7d3f936566192b4a62aaa4ba0c4afab271d5281cdaecfbb80ee6a6faa707b516935fd675067a73b89458aba9eef6e60802a546610f443467d81f419b26bf3fb83b1d2e20d855804a1ff5b4085cd4b19b20ea6c38d07f6ab749f581fe73f5dad67696440c8541cbc5c0a9d625d870bd2d91e3658be13118dba0b8ffdf74fc7569839eb94127a48425274443d1d90a7c64368d697d9e347a05d62ab7e30ab7ad1d018e759a72d2ca516fde8c9ae5814363110fdd59b1d095e29353a0e57b60badcf59e3e07d4752dfa9ffddc3bbde093274cb65fb92eead74dce5059811c95c0ff3ad73f87690369cdbabae831fb4f39edb906bffdc084342d3e4e309e7bad00dec7a77f79351d60d843152424ee6f4178b0f2f5e0a9a58d3280440a9050ac51d7d8d3e787a0fc10af60ff465f1d66fc8bbf3332389289fa69791da2d7b620605f596b2ec949da0b7b7ea8929d7016d7af98dbf01db1882141c842cca7ddfab0f268839f0f65e276bdb7ef1cadcd62d219b576e8968091cfceff259f7c58335a0430523aa5de8385fe8960148913d1393a2de76c04e28186435fd86a73a474c88d8b1e80b3bae45b08ce590d2e6df8a5f667c61b01df8436ba6636c840b10c3afd83e90c1f87a651e097749dc66d757d14fdb2358c72892180f09f51beff93d73b6d4f8af491a719c0f794896d82f88edd994d92b6793b85374b01b49faed5bb01de1cef84b80c1fc3edfc24791d08ecb6e1faa4dc2964799efd2acc02b20b930505f4c4ac634e570682e1a1dd40441a4a863020250eb4ea9648f5c15fbc900c361e193ed82353109992f4f744ccb4cb2d98a7e7f3aa336140fa7afc5778686154ef2b415636ddd283eb6dfcd9f2d8ac21c8909f7afc609a85a35de9c3b5837865788cebef10f44a6426aacf8e733e3c5caa77b34ae912eb5e1ecbfb3b49528a74575b08455a63cba63913e0c747550fe877f8575132249ca4fe5058802447cf1b8cabd2a042ab4af7643d5ba0b16f3acbe1e875ee50a082f199965411c2e3de00b2b7f45c30f6af49c434702bc97bf70dc9d6cd28290cacf0ebae7793253016906b0fe80489438df416d89c9a20f238cc11bc75a1554eefb3178ee19fdad7e4e1551f017852565e199bda6589e34532e0bc64aef3973a9b2556dc63be7300435421c5b88a297882a5513127bdaff57ec63cdd17ff5c58814fe8c39373f1cd9392d418201d100b0ca4561e9febc6bae01147e40beafcc41053c7f5fd4d8543af85f4b01740760d10fb84eabc072ab10e3898abc47e790b5ec382c88185aed39e96c7d841fc24f58d6906b0686c51200122504878bacd7ba493e905bbbec1f748776c1607bc33a9e153941afd25e2f6618491754153321279491c03bab4d40b746b1e1b8d5371d69f0b51ae2067e3fc1d0be81fbbd6ddb73a0e212fa7149f9108832c4989870d84157b49f8dde58cca267d568610c789c0fef42ade184ea75aefbcb51ddbfd48a62f8627b5544f1557ece2938aab730274d64fb8ed99651cbb81a02f46593f9ab1fa93bae049e6b701dedda2b37c32c5aeafcea706d0d5926af65ce22c62cf0b7b1c6f4c0d3cb07bdd83748d79f449818aa90ace222151f65ac0e6060c906e3853ca933569d33e91a08d35b615d526f561a358f14549799736e82d51d783e8d189a5f0b8790d4e3a7a01373dafcbeb30863588e40307e1d4b375f04e919faf97a0fe9000e5dfad976e1911070c91041cce2e85b07ddeb3a95b5cd9117d6452477c76a0f4eb922df210671ee2d26577665d34bdd64de969b96e707567f0641539a95e732202f6ef69af7a7f7b839bbcaca92913cba278012c5ce5b32929275273d3b76231867ecabee126d0a42b0b2c9eca98c81d7bc71732f4579f9987e6dc6ab1bd9b83281862e114c84a76fc6f824c47a1e54131736e16ce9249ec8ab8067553a2c5a643a0f1c7ca37081958cdb81efb2e34fe2dad168760bfd8938ef147a0dfa345e434ac0496293b7c4ab5ff28a9d479216f9828463fd4f4aefb6ea0ff9e7706f58a1803f86e16fd240b68d6e04053d98eb34becff1ccd0dd54f5eccdcf63d2a8ba683efce9cb5c5bdd5597b9b73a8f3c686fe3265f146f30ec11f4c07112cc9b36f6d850864b893f585d5fcdd5da640f8697570400191a62ff623cf8a6df4c73b6d3eb93b8abb90c1bedfab3190de3d4779dec1b7e7b226e696833fce668efdbd2ec9c85bf88ee176286b7c5a64ed1dd466ec3a52d5324c45eb327e7d033dd5e9763de2aa14500040be545ec494a4c0dfca2b3db7f3ea98f49400847c0761c2ebde1f1700383c4ce8d0fc5241c77447cda4be92474cb786ed25f455155f4d8156e9537dc26d744253623f02f4bb772f5c327e99c9bf18c96bc3a3f59ad9a3673301b87ee0481db1966278a066ad4e45aefb5aee95636573df516d38e25b5dc3259bf0fb68dd9f419a4f44a84d67a047f9aec7d4e5295c9bccc966c8b4ef3e3b2830593dc4057e7caa2397454169b585baf8b9e61d3f4de5e5cc09bdcd670396f97176c4abbb02c8e4dec20f0010a37cab3f75208defffacdf525d8f42d28f6e3e2d598c582500c32ef327885c9c9514ae3b0c7d71b65467f2f48dbdc4d7da8d11bff81a2d633d502f1751aae4da38fbac3760a79c1885c66731226a986df218e3e1c11ba7666e6914782fbd312630748e8d5621445c1df07511f74fc5147ed678542288502972872b183121f4e0f7159fd1b16aafb7c513dbda491c6ca57912b2854ae07bdd88624068322641e17a89a965752795aeda669e201a7e16b95014ebf19c4cb6609a6d8c371f2656dd8a91c153480683c89c78d528408b492c0ae52c2e5acc6b0e65d8e681c98e7289685faac1589f7c98f92d7818c396e4b870aa0fd3fbb155333c72f04ea2e9fe2141914a445e76e078c8d81843aa9e053d3a2f222e2e43bc43b4bd8139cdf902eac556f43c60be7d9f190f844d3f2f99896548841bc014e1294a4aecc7f06b1b6a18d3f68730391bbf096c4653e6db17d8a17369ebf09c3157a9468447dc54fb77aa3a92c1a27802598d550098b8fe24bf24eda25855b11ad23d9418e08e52b3b231533d658f755e8275b7735e96af2532b5e18cddb45b7f00b706d130390db0116658dddec202d465757df741ecaf2da2a46567c97c765fd1fac2369a735b458b001eb8aa83e3986de78793818d3585a35fe07b14d00b74f70befdb142a3447c05b6617aac8238c83d8d09c8a76636715f09b61634038e7994a9090f0b92a4433fd1ea56ac19114baa61bc35e8685455be4672d3a40c65380ba62275debf706a68534ddea03146d18de8187e80182e84026ee864e7a24c3fc1cc3321c9381994f0e20413d01de532e0f2f16f585bed31e0011456d4cdcf41d87ee4a0862e6ebba544db3de0b7e8b31038898e1d61f268ae5e867eb4dfb9e031cbb482820149ab9d4d228aed5c7686e393089a69e52298e404312357fbdd89bd2a4cfc4087b8a5d2d6218ed84507404c61f37f49ad27aa329493a9ef96a6943cf89f527ff1ed65d1732f3beeac0d37dc16fd42eea3870c4627972db33d30c0af5129fc5a282157db9feb22c7e80c23a0be7ca253197dac0d30eeb618b430114e61938ceb0b744e29f9a01d78ad5e6c100e8b1ab6fd0e39447e90f41b678f1ae283353e384dd62d0eda5ba7641c48ff0f98f8b67e93424108bb16238b76e22d2f1c4025076730b50a0d0afdeedf6bdbd2a94dcf6b2783909f91ef33dee561290a0ff7eb9df83e015b04b56a3e32c54bcf5a031f5a7682426e9777be122c7c140ee85c166dad909ece1da25c8aacb9ab812a1098858b99d000158eee9c3b7f0b3b926f77a12babd416237cb436f9a7ce20718f7b5a01f542cd1964d0989b6a71e4a4b661348954925debc0bdc17fcc3f698cf21ad2523ddfa4bb98b486f04921111da5063809eeba2179fde0251915682c268703675c7b4cb5e45dc6688fe817a40dd170332e1a84118b1ecae6460a87792de5a257ddd5ae94807637d4deaa7e18436832406b45be4b2009393254ee6d836bcb4e1180a81c2b068b98b81b5bc9adfd4a4b69c30f58077a25c2a5c43f2fba28d4e79b4de89fcec0234ef17d590074eba859520f6ab37279f89b5ce0311b9ac645e043e24dfc47cdd85966a37ad0e1f1cfd1dedad0ea95bc7627ef58fe0a0c2756dc3e8c31a30da67289fec6dc7b67c45bd9d09f109ac214295f0c817e6ffe2cf1c7c38e6d8bd53a7a4171f64b804d152215a9c8cdaa8798475588715e7aba6e32d3d326f202f0e46a759d7b6ffe0b2e1f842c2c0dcb1cd7468610fd873cc419a81efb5aa2d2b"}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="0000000000000000400012800c0001"], 0x68}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 3.986446018s ago: executing program 3 (id=2816): syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000220edf104c05c10687c20102030109022400010000000009040000024f69960009050f02000000000009058202"], 0x0) syz_usb_connect$cdc_ecm(0x1, 0x6b, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x59, 0x1, 0x1, 0x9, 0x0, 0x6, [{{0x9, 0x4, 0x0, 0x79, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x8, 0x24, 0x6, 0x0, 0x0, "8c56be"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x5, 0x0, 0xb}, [@mbim={0xc, 0x24, 0x1b, 0x9, 0xff, 0x1, 0x0, 0x2, 0x5}, @network_terminal={0x7, 0x24, 0xa, 0x8, 0x0, 0x7f, 0xe}, @mbim_extended={0x8, 0x24, 0x1c, 0x9, 0xaa, 0x1ff}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x20, 0xf, 0xe1, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x1, 0xff, 0x8}}}}}]}}]}}, &(0x7f00000005c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x95, 0x1, 0x4, 0x10, 0x2}, 0x65, &(0x7f00000000c0)={0x5, 0xf, 0x65, 0x4, [@generic={0x36, 0x10, 0x1, "7da6e51567a61e1742c4b21ee2e254ee47efac7e517cc4726f76f925974a5bb62a9230f99f80f677f3c8a294bf26319eaada62"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x1, 0x1, 0x3, 0xfffa, 0x3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0x5, 0x9, 0xa7, 0x5}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "3e49fed82fd161e6ff87338a860b9bfc"}]}, 0x9, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x2001}}, {0x93, &(0x7f0000000200)=@string={0x93, 0x3, "0219c36d81ea0c536262ecc0b8fedada073bb1da0376516b2e440614cdbc42c2aaf7581ff4a92871b3dfc510e95d4b89a31e6af0d9355309fbaa7228202d267fa2bf80ef5b4aa764e7969cd20621ae6827fafa9e2a4b38d4f7c956fc887120f8f6e354f9258498908a233f027af88e8c778e6069479b8a11f36d5b1a3803b68a4e87df3992d57333b76b6ea4896dd19627"}}, {0xdb, &(0x7f00000002c0)=@string={0xdb, 0x3, "c5d76a147020f6a6fed3e165a649dd0a23f2c58d7e1dfa23b23aebb64ad02ec0be0ee1bb8385768746eb650eac38b91c7942f783cb3e70e67710147eba2280213d022d964c6c830a8336052588a16fbcf40e56d8a8b119a6be555fbe1a208b9b22d0dbff6bc176fba5cce38f2f9b20dad714bbdf226c103d152e1ac1d05f08ad8a92a9264727784bb6f4af5d4ce6cc6e3a40ab08c1d0f8a9680b65435559ad01e531bc0cd1f90606c81c3e0205d96df9fefb9fec73385d6c59e220de19585eb93bffc630ad1a18a3db12d8cd739e8796af3e6eaa4acdf894e3"}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x423}}, {0x27, &(0x7f00000003c0)=@string={0x27, 0x3, "3cb2a777c693e1516f8abbfbc7166f1770b677d8afbf1556fb2702ed240c70d062b3f0ae96"}}, {0x29, &(0x7f0000000400)=@string={0x29, 0x3, "ba96f392e1faf4392282790924505d4726a230a0a0148b248f03a8dcb3a4c363898e3e64f4f722"}}, {0xf8, &(0x7f0000000440)=@string={0xf8, 0x3, "9d83f08f8ca76368ef76d54803e356ee0a3a15047d364bd0322636cc62fafe4bd99ae5afd30d67cf715d02933eeac294b98fe52b105d5c695cebad353bceef26bb0972007e5681c13c382cb552065aa2fb3bd60bd8f496cc98e985d1376ebb517c3045967c4fcfa5018c692fedc5d2f546752794a2acda14031ef3d0803a914f28dafec3390b7a034f841892dbff305cfbe44b9b426a0d9d62b2f16519f27de24e89a77614d802de8275be17893b578e99da9050a05e1cb70357ab2510f2006ab14b4148bf0f05c3c1e13f90e49d57527e95455772aa510ca30da269d59f17bd96a37a66dff36aeb5c38f77dab437b70ec784982ccbe"}}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x300a}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x100a}}]}) 3.958851668s ago: executing program 4 (id=2817): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3b071, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f00000005c0)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="0000000000000020660800002ab91a00180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000001000000850000000600000095000000000000009ab30e81bcd85a9a83b805fdeb2147e3f870681826a1a628b6b306424ebb29"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78) 2.827264936s ago: executing program 2 (id=2818): bpf$MAP_CREATE(0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000040)=0x3, 0x3) r0 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000b28000)=0x3) fcntl$setsig(r1, 0xa, 0x12) dup2(r1, r2) fcntl$setown(r1, 0x8, r0) tkill(r0, 0x13) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x15, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000006000000000000000000008500000041000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x8, 0x145, 0x0, &(0x7f0000000240)="e02742e8680285ff9782762f280db189721d23b4050abcec76a4a97718fb291ecc8b02276ec9cdef5c9ef1a5b72438a5c0ba2c885e64e225dbe692f4550000b832e68356010000000008e4831154ec48a5572802349463fc0bdadf6cf640015e34a2b2332129c8c8ac386a3416c189a0472c09c36b07fab8aab3d0debb4d654ea16e17aaf5cb608db61c69abc8b15971d7f95df7071b88344e66409c2fd3712d72a9fb47ba51a6643b15d4efc678d914f8ad7827d66a02c5141c531bc24581e39255f91501d9411365e831e378dbcb55dbebb9eb61484b8ad4d232c65db17051ef32ffa6ab78c1a766393c905673949028a2b7189c45e470529aa004a0d018302c53cedd1162be64b10587063c7b690528363b6cb583a49f1fe49436a586080f5f649145b6f3a3b352ce9ff0b986e66d38058fdbe75da35d9151bce5330198401ab2a485a0", 0x0, 0x81, 0x0, 0x0, 0x64, 0x0, 0x0}, 0x50) 2.611723105s ago: executing program 4 (id=2819): socket(0x200000000000011, 0x2, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000180)=0x6) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000040)) read$dsp(r2, &(0x7f0000000440)=""/171, 0xab) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x89, 0xf6, 0x57, 0x40, 0x403, 0xbcd9, 0x9433, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7d, 0x0, 0x0, 0xd9, 0x22, 0x99}}]}}]}}, 0x0) 2.419988077s ago: executing program 1 (id=2820): read$FUSE(0xffffffffffffffff, &(0x7f0000002600)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_clone3(&(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040), 0x0, {0x4000002a}, 0x0, 0x0, 0x0, &(0x7f0000004800)=[0x0, r0, r0, r0, 0x0], 0x5}, 0x58) socket$netlink(0x10, 0x3, 0x8) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058560f, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x0, 0x0, @private2, 0x5}}, 0x0, 0x0, 0x20, 0x0, "98d3340600c7aa11897ecaab876eab79576839c5656be841ee2702e944af80373be266bd1883a68f0000070000000000000000000000000000000000000000000000000000000000000043be94ef00"}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x8200, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102376, 0x18fe8}], 0x1, 0x0, 0x0) r2 = socket$kcm(0x29, 0x5, 0x0) write$cgroup_pressure(r2, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0xc63b9e35) read$FUSE(r1, &(0x7f00000005c0)={0x2020}, 0x2020) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000001c0)) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r4, 0x851, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, 0xffffffffffffffc4) socket(0x3, 0xa, 0x8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan0\x00'}) socket(0x2a, 0x2, 0x0) 2.228821723s ago: executing program 0 (id=2718): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x1, 0x0, @pic={0x0, 0x3f, 0x3}}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @ioapic={0x0, 0x7fffffff}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[], 0x0, 0x2c2710}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) openat(r3, &(0x7f0000000080)='./file0\x00', 0xde81e04200c08f20, 0xa5) 2.03756236s ago: executing program 1 (id=2821): syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x0, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, r0, 0x0, 0x1, 0x4}, 0x48) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000003c0)="057e30aae10df4f97559054b9a301ecfe91b645115e1421774006df60cb393573839b0078ce169ec2fde0afea66b5bbefa9d4f3cd8c2458336ceb1f0efe647d6d7b1cdbd12c9b8e3a822cbd51494bf79a1dbe5c22338ce37ed467a1d3d616564cbb81faa2e935b2697c12efb0ed141fa2eaad4747725c4bf20f8975e402b03eb77d1aa3f10f512397b5037b1b4cd4b7c08c03dc5e52a066e5982969fa044125ae251f46c26e2536cc8b77e8edb251378be4beedfb8dca0d449123f57677ca3da5bdebf91b195f1a5d49d7c292f20f58d490de36d8ee0e8a86bd04c3165549465cbee7891fc747d7def370ce644db894b56bd53af0d0e261bcfa6bf72a684dafc5bcafe07ece74cbd1d5fa32716dd03f7acd4f32d935438c91e033beaf49e3963e13d05e7a8334a858639636799f04a9033193e7d18a2a4b20bcc96811bb5efe476db70a76b7456ac4e71f3e89c00da0c7761c188570c7902bf2fee1be273be8a9f7a2d7508ef2188d3ba1db4fa9d1533d2f2a288cdfe3b0c50908d56ba69e81386e7e979e9d7ff78685ffb8de6baea2451762736a2bbafa11d541790b0564aef9b0b80fa24832090b84341a9fdf712d3296f911020f8021eda8130befaaab01cbe91dfc5768e6ff31ec50dd88596832a9f5fd4f558d367f40e454d3c97ad16a7f30b93629ee2def77b99f8a17c157529b0782fd847a4c75a2302ca96bbdcff660c2cca753e1a8c60dbcfb319a1594565a2e15bb6124316e196e3cafaf1a29eef84a0908d1dc80af7e333c65736699f1254addf2ab582f5c87c4f6ca234d7ca9673dc29444044b95abdaea958274e39aeb163ee2d05bc2ade5c33a0466e14fbdf8aa70ca2964c06ee5bc57b894b0143a7a503cc43574a07958940b029678df44d6c82fa2e6937ea6aeb5b8f33c21628e3b0d623c23c2e5a3546194fea742d90c1d61f343a005b9e58c3e8292b256fd0ecca81cda433f3bb0ed633607f0b635cdd8b4919bfa37c1e99df087d3f8f3ba5dec7930657eb3a4d8febb5234e048881fbfc499fe5eb6a0ce34546f7010ae2291e6731d0798ca451387a123998e68f6f577ba4e556bb9a119011a191a6bbcf55beb1fb0b8252deeed5721b271b964534a04462720c4c03e8ea7f120cfa1be630e7fc680d1f6e067075c72f642babcacf6b00cd3fdb9f3200e4ff8935b17ebe222053c78c3752666088017c2150dd014b9578af6adb15527a483eff5bb623710ca7b37ed49ff7cf1525f296af6f27846524e4aaea7476a2d08dceeca84a1ab11e2767abff12d10deaf63681dcabe9b1fb9ebe207d8e3793dba9a73a02ebea4e3a072397a88c47795d5e88b2040c9fe3f96f66f8f7d593547c8fc8f4e75a1c20962ecf2dd1e7bddf896f2a6c5f37a8784e2bc5b10cef2feab3b6eee7430908eeadd372248041a09b0c29385cd7a75754d2c429e72bf5fdac34097bbbbb3790f86399c60cb5054fbeb8eb1241608b506beb135091c18110c1d10d9a80f4adb11a6fd3001957cae0b4f8f730cc4fa4a7328e23f390caab014cfeec0ebfd0e14021f47fe330a68680678d23e7ca1ff18e7e242f4c1e3cca51dec73c58b596c2a92267ee76d3657c1e2b34102b09fa4c59c2619148440bf26802c6f858b8eee6d8c697bad2c4d5a0f76c6a4cdd3b8fdc21e447920491ef40578b68a7a5dfda04fa235fac01ad4e824b627137dc48807100e52ec5ae2f3a3fd84d68b824033b4f0ee28a9e72333b4e209ae905d0781e4fe8116e03b1ca5c3b1ea84974cabaa0214ed15bfe01e974491e8a20f9d03ed1b73799b083f3a65e809c3ff3cf126288fc1627409d46f78b5fe8b8ba0b3ddc3ac79aecd6eee2e0cc59826e5798f48f80f0c7f549b3a656e9acbc5e51bdc3becef93533166c1d9ffe4335ec973d3d27ce5987d150f554c4095650528578fe4858b670b0786f23c886612191f89ec57970dbc0e33cd62b57a08fa940b339577fd12d07dec2ac50e9e0b27f0716b3233803153389a95df956637af8d9778e27bce49ab0a832978712a074d3f7516ad512ed0d9b43049b5990c841a7b7146a24c62fb70645b8d85b6c8863d5c6aab03638ffa4e30c8de24383cf320eee735a4fd37262d473076f495da8b2f0f028b8f178c238010738d6afb1dc2e48089e80f6a7658ad3496f1a1f7f78abdcf934c733d22abb0671a0d41b9b33a5faf99d7b82166e27df0f97a7953dcc1fb364478200253757e8311ba61cb4c78a380cdd820553c7296816210f64b34619966f1540a407c8d6e8e30788909de19ede4116d09a14ce26ad59957add80b90602855c0134ba7fe8afd4493f7cd9ced61fda7d0ae02505c046acf68d68ecd9b1507a4d4eba4c2c834777b2c3c5a8b3c06677fe468072dcab48c1ac9deec30265c7f6c5864df89e25bba52715c82e9921db601b3935f5047b8cc07351b9965b1a1f6ef36c1fba89d9d96e332eacc1e8a78e09d7d6ba30845866449ed5264f763735d4e7cc133dba4b296b2dd9331efea01e5b3d05f38055e41c49993d679ef133b9b1af435fd0ac5fad33f571c76d02c40d4e301110b4442aa134364f0456da0cf362b2c27ebd667c0969ae09dad18becba9d6918fb1e741f685735cc7078f0e6328181a83da67516fac31522f9d9fc64a4b769e57e76bfff6f9867fa2fee1e7dddd11128322210e44eeef6db7269dfa1bfbd9099dd6f8219d585c22c20483251447772719a6115ccb690609de352989610a138110c884562b65de3cf63c3ebe9adfeb53c6e4ecc637c98b60161f71952b84c6fc4cea6af0ed533144bde4f8fbab2d3ffe0b2a5d0c55ec9979ea85a25045ad3a84becf0e891b89c1a83178d7368aea4bdfa0ebd46b8e110a2972c8ac96e10ac630e89f8d76bf35b03b5ecd393d1986fc61318e08ef02721e5f2cd2fe098ebcd1bd30a8f87b2a5650b51dd50d0d78ab7fe66490f5827372f1779d3d389e9fa66bd0296f0203af010d8f76783837cdde2555a90be577626a12de47d4da638efd0017750a230485f6ade34a27284d85dd87f9db8a832c571106d8296629418777b4d933fa049f0f4e5958c193e889305074091be14c66a4bf02cdfe1e8d26a5d21fa78c5628a7ee3d7a0c550296b2f0625e2dd18d45f2d45bee6746d4462c92bc3cf50503c7479bd121393821afe1cd7144ea37f4e8e5ee21f739024ad25af9430dee006b76617725556ff8a820b767fa821629819732f086a5fdf2ccb4edae0aceb3d6dea698e798ead905a2eef9065d633b007271e93101a71cbe385f56e32b3a8fb081c5c1ab09b729f89294a0007df3a3b8e93686020d993b812c6f85fe1618db897cd67be6cd5053dc8490bbebee133d140503c4aa51eea0c156523a1d81ae849dbe5a273bfc0de94836f8160ea9f146147fc02dd7b55dca6a2a43692268ee98f51fcd2d3faa76071d9716e877b2a3dcb51a51d5359a2ee705da52b43306f1f3caf33342fc281bc9c58d1ce05ecdeca371e3a788542f8fa999e4d8e10e66f0b6053d7d4cfc6acb815628bc2409b3dec01726121c267b3ee85fd61bbbdda68ae2c13026863e4a54b93d956fe692707a179411c841ca7d2f33a5223181b18b7ba2eebdd7c2a8dec3ac2a317b5fbd996e8598c394ee627308f0e887480a8dcd59b0256b636f4c62566501a733fa74232945ba1d9e2bae347391bf9ae2da4d3af2b262b772421fd3a5cab46862ea6049f5c9c76dd8549ce0e6c31c792b81b6b21f0bcca18bb2fa6a9d4d6e0a837bb119e2e002a69d6ca95a4b2acc463076c2e05731ef0cfaea84387a6baf6737cc14a25f5329ea924090311213344625a69ee382dd4bc72e00e63329956f3e021092585c9affa06a95bd0ef653ae9ff0abed5ee561ada4f83d8ef202d9c0b2225ebe8660cc408859d45e0332f4f78f6a339bce9d12ca2bc5116a8fd4007c485f5c1c41af96c41d96db35411842d7babc05c8b228066dccb9b67f348974363be521e41fa94d2034a0bc1e87360a80606e1e1bfa8e6399601b30bf93ac41129869158bc2b791b50e51519133ab58afd4023d4d721129b1307f054103a47c49e0524ac4df511c3409fa62d8b5c1a897794600f53efdcc987e06bffd77c9fc75fb7221ef29ed2f7e3e8abcb4a1875b85bd5176a6fba9a361d8684876508443bd50e630f4c684002b15930cf81d740b880eed25d22d8de8c00066790df084fea7c5021184a210a6d24f9bc862c4e3eafbb1782fa240ecfa5959d7a681bae84e8a96a5ff45dea4f9e16dd2cff2dccc6cf4042b44b7ad1f55dc1db5998ed40a409c0e67e1e64fab423d2c00fabb8976d9dacf0c82530e356a99f75082f3411adddfe4ab1ad3b55599fa15450dd5feee23591f1ce398e4c5ae8aad71ad26ea189c333c8467d1eaba9589bb8c41bbfe8c0c173e5446bc06b578c1db849fabe5fcd8fe0fca94bdc799b53b897249826037499e8b6213d640724fda1bcc9341ac61fbea02c8f39a53c496902d5c7922f678a273cdf5ffff38ea028ae19dc72f0b0688f2b9b7d5a9c04153c10ff4168cf9f243dea03b336be778f6c79d67a2d0ade82863eaf95d6fc7f745569864f369f4b39177c356c8c393bded485df28622f01251e58f3d39498520ff90e6c670f0dce5b494cb1d78dfad108406dc5857086d386bd42bd03fe716f049407e5e55caa0e73e96c1a4f6d5791ce7195b2ce72de52ed617ecefaeeabfa9350af49d1d91f9a4b97dc0808869b916f34ee242c40fe8c8aee57b6ddb69f9a10636e481dfa059ef001bad7020266f0d74b14edce6c18ffef854768a60885bad798658a6b9d0b438c483ba159346d5ce0771f53ff18e0bd47d8583bd56237f8da2747ac7eb2a87b6e26c4820d4fe18b76e06bb6e0c0cdf478b4aecd381c2a6ca9f10ec433f0aca63a66d04f70557baf9f2844005351a21664c2430fb0002cd03bcf0b2004068a2567f91a9fbee8c6d948fb35d48527b23e1398ce9f535e2b0b33c2bc31ab737ba4b980f46f5d424e33892c8093f3cd18510a3157afc023f63ad3ba999e950747c78c06ab141a26d74ffc049a6f76c465f9f9f03a8d339a8e61fef26a5239fbc11c01a87800c81efd7b9f28ee2ab2ed88a383f5013bfd6671ea3086121b235a0cc45ccb300c02588895f8d13ec7e00a3aaaa8b0e739f666fd1b13a90b23998704859c9c76108ed7ecdc63770e6ebaa0aeb9208b92ec4e948ac7fc81cc6f305f06c2f2d8c9267463af92e185ff627eed54313fa2ee0bff2cfa8be411982fd19fa88db5ec99f238f88782f8c7a957bef14f79351b63799a4cce160357c068987a5516b04c79644c140850cddc8bd5541fcca9e30826aad864240f434bd1fc67b58e3d664f782e9e46edcb34e2db98a39c23e334e51c71c9fa466470992cc1fbc36c3c8ff4340be67f9b85a74c9114cb9fe5ca4dcbb641ea17a54ba4658aeaa515109e117625a6196dd66d3584d293b468fce63b5a9c4b9461700c74ae955539bfbbe3eccfa7d9c9f737792a9d4b978baa2e92819e88340b73c88c2900b723248b18ae9414cb37a64ef8cb8ca85cda9677d9f1e71a6b70fe3ad17f2d13c1df48d93bfa50fd939a72ea26f9fbeaa6f8af2eec91b04a8fa7dc14fec0f54fcd1c5c848b4432f979f10e661cd2d7f8ff669ce99f9813fc5440fbbeb35f1a5e5115f5ca35dcc270bdbcae07a9ae8e22aabf8178379dee08874ec7840de27815890a88fc9a3bcfa88a33f9baef9af0ae01b2bd34a907f1151cb14bc8b396bc43a60f884f425e4a04348cc645aae68db49980139ddad0fed303e40b124fd654b36c961a56c44cc3686a7529b1f1ee47da3a0f1158542337df15780444790a2ff1b57e062f0db66730c9f98de395f939f44188225211c514447f67fcbf320a34c43ce09ed272bb992db3a35ae2c3c491c36f2de88984129fcea1ffd235aff7bef7fa95d65894db9a5f1b348efcb571a81b3d73ccd07cbef052389001e4d456800e05ca53bcf3485ce05791ff65a9f7913416ae26972f34f51a3270580b81307ce31c98eda06f3b35890ce317e79a16d728cd0bb6a3835667555c0c5138cfa5305a91db1f873b2a75b82ffcb27616ee67777708f7dc2ed9ddbeb38a60f446d3ac88ded25265c25ef38b0755a9d34bab5e669b6501d8c9787aae7eced9945cad3d4d1c32fa68b48a1d773750f814631db3e088c1b5e7ffa854ea1343d94ec1343918d7a1c5a095bb72b00eb3bff210aeec0b8a581a2a13429b83a193f4d447059265b63c4b8f8ea1b9494f65e79844d956c5d80780849dc086506e9eba002e682a1bae1543f8289588c574bb6ca9a2e57b908aaffed23ecf3536abaf96fe08291f3d70773288b4698e972b0187385dfff4cba59175814e75e7e5146205c7f2d2f749583b393f46c448c152d8be50d60ed8d8bdb30fc7925656a0f90b1de967c729980815e5f19ed453fbefcff67832cb90d753410a0b18eb7504600b11b0360c3d3594d48d832160d357afc1f17dc71dccabef7bbcf1fdd55b48cb02135c32650ab07b902f36b48be9376b2dd68343eacfe80d9dab3205a393a4c6ffd405f6db323dea11be4f22ce50df1e0cfec9e9b1e23acb94d66ea787d08f615a7c7288cdf1921a13a85d885e47cf1067d89ebad5b92ce5000000008d74bd2d5b78366f998cc35bf35e45d06128f1c5984fabee7542642bbf6d981b60759d3e7900e5b3d1d7310f90df0c88a600ff2f39932bf7411e61c692c9444dc9ae0dff28c0b94292c430ac4464e83ce8a29b886f45c98b8396667740c5be51e592eac0250d6e479505d36e930ca3a32cb671d58707d25b10e2660cd5e661b08e268c8bf1b3cbceb2d995a2a6fdfe5475cccc965f71baa7c84054e3bb6cbcb7167b06c708cd72ad4301e943dd1b2b2c325f682be3eaae730a8ed8bc3134b28d1ce04543bc66a529744561c42d25e65c7b5cc2a17875ebf35e53aa46e1edec29ff8d046a7e01459d9639c10d1df998cd9a12d7e50b2dc71ee7338cf71beb72d5020dc69eeafc354bf822d65ee0328eb07d04ac0d266fdb53227a158411da5ded254b3c359ee710e0278e1a06f06002538e108450fd6b11949fdc618a29baf34f232aa192230ddb318aa6d59d122257e50713fe73e6c0059399589c382dc901a8c3381139436f7331b69f457bbb38ed54daaa07a52cceb053c32690836c664b73d86261216b8610fc7b4d53dd3e5d9bcb3e25528e132911cac37e7f2618274c733b5ae02f9c27638d9e11988f1dfbb281ffd8cddf8558a481861cbe9d53a4ad8282d3587449cd51759ca397eda122d286e117d01539359870b94c98a3ce383ed1d280bcceb228acf73193e87fd3650e4dfd563cc55bfbc8626a41293cc90ef76e28e2dedaf968602d2997ae1c2752a0febe3a78f3756d40201ae13074091238324422caabe22c66b7866065264261fc2c3e0569493468d1c1c36259aedd5f078a231e72decd70f4de8532f6753287435296f33a096bc1c8b0ebb68c9f783881e45ac54159ec1c2f9e1f5cb48f96729a62d1b4fdaa89ef5de8741bca04e953534dc977e881a61281812af435206378eff173d7929ab4967e511bdc14e6d49cba517b0563c14fcd6ba38ef32bc48a00643416d7e34f7465b3e6240589d854db4d9714e998f2edf3a03986598a52aaf647d938f4a8e07c1c29615803af6cd403d261ad6da3c1c804034b4a4eef3ea1cc8db39d9e171b3f6dd074388577a4eb901c25c8031e4592cea80b6354850657f53b2acd910ec2c5a7db6abb0153e051dadfbcdf047e35591b96b5657ca55d99ef6fb48e07c34321cd20c40b30a646132f8afcb9426fe84a790567fb847076a8762ca29cfb037e0c948edc12122a1160a55d465f5c912406a10dc0d3c1156cd207e9ffe906d267c9c870521934e1c56af460c0ad0dea9c929acf85768e22bb65eca6e25e4ec8e6edb7a6215e8c7e5fdb56c7131b156ab6a78fc808f8f17a2708ff68b37778c00b3b546004fb2b2c588d8ca8276d281026bfe896698569814410422f27421b8fc5c09d47635f17ddf6b9f56a203c991514678c18a4afabe1eeca6fce1187fffcb6ebdacfc6cac9750766ed40c80e7eceb342a3fa6f86d014949f9d111bfd96e2a39d364f2e2722f2d9ab0577befe26055890161d780e52eff4022461c1d3b019b86af28c4f02fd1f7496d8c141344ad5756bcdc45158f3af7aac227c8853f607cae412db6fa924c039859fe455857bd5fde66cc1b773c12f516401a31c80d750079247c128a103361e7f0a392d21b4b1b594307ff6b37e5a242666209ec517561e04645b92e7cf3cff1a6c76c900d12d9556e2962c535401b1e61fa85e06551ed678703fb3bf8590f2608ae3c278b8d1ac286af38061afbbc3cb27ee7adc6ad299151cd00a84506e6a97648ff99f2a9d35d8421e71589437406fa8e6def8ce34c9abe5de3481c492887176d4485dac794b84567d5ebaf68d0007cb2256a0f1ce4318f6891f750fa9696fed3525059688cf973e70d688b1759cd0f3dfb0b2a7078174b978767cbdbfc3f7d5850e2f7772e2bd6e3ed69ef13cc141238b5ee04b6615e33c42fcd6cf979a0ac848458b713b9a988c1e3fc32f2a182fc0cab2e6933e9aa5c2d77db8c6a1802b43bd8220ff0ca92229fc26a44761d00eeebec834e5f7d382b4f58a2759c56e53b163dae034ffa1970acc57165746e575470e13c4044f392ae4bea93e7d666256436507bb987a247785301274d4f262f94989cdc94b209b7499bd0cb4437525b72be79c87c6076533e4a14799a60bd3563d46ee4767108bed7e637cfed6f3139637bb01f36385dc5873eed726fbec9a87da294cc11db8b49fe45b798ae74e1a8cb0f2907eb0178d2baf5f0f88f654baab9f147741945c496ddea1cfed65a82e913a131c4ac7bb6f0d8d5d28225dab8a33c6e60c0d2b2d5dbd8c35089f13f9a2ae81ec9addaefea9b8ddabc8cdeb6437381ce346db6e14d9d1e8bb4662b508d61da77fc8d9ebebceb1c23be5d0a7bba4a48c0591333ab7779bae78ff23c4bbf8a8cf30f3120a5b63a047064d7ed7d37191cf39b6d1e8ffe3b47379767bd691cb855a9c938e9a0235a5ec9c316a6dceca63fa5fe6df0b9f0d6b38add216aaf2726d3377ab827b00b4cbf490708a0f679b8cd7caadb3dee40cc98f778917d6a6263fcc0747bf75fd676d84abb7d10087da323f95c2571139fd4c9826ad5db6ee4c246b9da20592cae11f9264bd2945aa1a427b2acefb514a2daafbbae35ff761eb1e3b98b4a1dfca348b8c4ff96325a618d677180ceb7e916654ecc2deecb4e61d01080f44b98776b1b43aebeffe2c14006dd1d78c8babf1179f42fd20d87654d3246d41e9dc633eac1741be44f8d751d8c9fd57316fe06d60872939b7a2906bb27a299a3408a51d74e5d98417f05f85fc1b332e103e79203e9fe344dc1d1572de39d914c5270c839870d2b33da5a6efc08c4f0c8227cc35a7f77c6a55f80ceef90e217c80e5ecb4c236685f5219787b01612cfbac90794e8269c07fb7ca4f7dba4defb2aae2b37f7b1696e78de15dbb1b6d4ee0cc4c0fae274b2c2de9343862de1d9847515ad235b1837daa9b814f19e895ae3966ed262e3e7add9f19009e6b61462917b29502b67e124c43538a6bcab7296529e01bb26ab8b3ef094ed057383c4f92790b6f705ae9d943c4e8dad84f6ef82b54d062713c16960fb475d74d46a1b16062563da3391cc6ff5185162c31ff7339e4837e38adab8ab911abaaa006e313dd19a1f92b4f7bede4525b154e1b9f796136a85f3602da011ae2232be902347e08ce0bbf3d23d91c4aac11c8824caafa1d1ff0343ce655802c1915f3ae7c0c670b18e56e139be66a33613afcb3b1928613b3afba9d635070af678216d57023d1911f0eb7ebddefc96f0efd8e9dc10e8a87a68393e19733ef900c6264722940750ae16f664e445414e85e98570303c6d87d7f265cfae0a1e9314fc14674c2871c0d59bbe2eddaf9330a4e2a28673af73910d6cb90790f800e89d55a2930910a8430ade9551819d83d5ea6da4e58326b7ce555d01da86ea78200f0219ec92473da95cd5a632c525ca9fbcddebb8168881cdb2f5da787d0e31881e2b17d78184f3a0bed8662486d3937dab275d050b9dd5a2ce904208a91a467afc33e10fb6c1ca788a5ef30d6e8b615ec0ae1503fea7006569559b7b155c31b196b85881c5671173c06fc5373e9fd973e7111ed45874609bf3c88c6db732210a3ea04cb68662bbc2048bb55d811482af5c658e29bd18c57ffa25e88d7297cd20d4c2b13007cfae89f4dcd90177a0806a2ceb2095333b58f828c093b9bf63cd07e3d56a446fd12e755fd651211bc160948836939c17623b317b9e935307044bab2c11879a62288e7ecbbb97f10f52516f517b7b8e44cff5964fdfaf8044065056b48db13b1365004c336afa3535af1242c9b7271b8b1ba2213fcbb80926bcd394815cd7c27e3aeb2348dc45f5e06e32f5bd56d1c472f41b564ec0939cd012028412883cc098d086fd43858747b746be72b979d175f6a6447fc5908616dec7fc6c962e12e96e09bd068acd2fcf0ce1cc26d9f82b2b91bc9aafcbf8435011f73b6a8ea1bb2f3289b23236136b31656600762feff53e607df8cf3c9a7f257b212630c19f142e4cf5094250b629cabb145c77f1f14ad60ab7617078f810a766cfa341fb7c16086609bc0a768fb1cd782606f32b83a0a55d883269a05b80275612dc571cb993ea9e447b4d32570d412203ab4c8b050b63bb5ac0f8d6f4e9a1644e4b622587b2ae125c2093bd363493d58544d6303a0de17780fcd83e993aa83f4432274eee1e6333fcdc77bcfdea95b8b9ed787723e35b71f1dbe89ff1e3e6fde146c05b6fe9eae52b472624e412253a63e7fcf1b77dbff7509eec5a55501e222f66bd84d36663cd244fa1556bd34b4c9957a93a71e63961ffc7700c5545acdd3e79da41e1cfaca0956d4978222cda23a574d691dbb6c6bd083c70c2782c045bbbe0fcaa10efbc002af6832e3fa7dda0ec8ff6ded69302d55d5a62a7ec213f16ecc5e3304a83103d1c2b21e04e3f5f3730339a630a407e8cc6a5afd2f2ed78ff992035a3783a2708195a46e565a9113be8c228ccaae3510363b475732ad48fe8ff34801f4c35132359d4c5c5bff65141f4a8684d462cf5d97b44496440fff3f7a28d28bbaa8e6db2a6064cbe9fca4679afe8ca6dd27a25c56f3e58165040f19a0455199a0ece4583f060979427f2f3495f40a83bc6ee3eaadab18705d464662b8aba9c7aa2f29114f7acc247548a85bd44723064abeee18f7f558f6d0d74fa08103dd906124454745d23005c425b260b0034372123b642a0cbebbc1a0bcf0cfc3639876eceac5f9734057ff659cfd35b1a3eaa768b86d66244aabc23a45676a59d492614f1c0011c9253e53fc7bb3e20d303afdb5b6614dcc7bbf72a339e414672aac23c2e2983083f08dbc34e3452def00f402598b6aaa4f0d896d1648b1442621993b7d0c930560cb6152b9ce59f94356726816a224fca84da5dbde6675d20f546a3e4635e82ff9575cac9160e6819f", 0xfffffffffffffd8a, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f00000023c0)={0x0, 0x0, 0xe, 0x1e, 0x15d, &(0x7f0000000100)="446fc663446b56e2e2d54fdca9bc6c277be78dc858795e7da44afc40ea401dcc226147741ee8fa5867cc2551538b80251003b42f7397fc90dc5ea5500d0b2bfea0d8e9338361b0cbe6bf30903c1fa3fa3c9aadfb0603c707e7868bf9c404e7cc52d5fca2808808c4ced4db4601cbeb74b3e877ef54334142c4005c4513f1dacfc2d1ae0b229cab1e4a026c7a3a9ba51fee4f544508090b54941cb27d0a899c58ccb0586f86a2bcd78dc315ad4b52b60fb5b76a310252711785bc2e00022a853a20932b5c2905380148d700149c3bbfe872a512f445ef80dd8153d4e2d047a089ed1a00acc5dd7aca8bef5ab26286889cab9a695968820ce9358ec304b330e3fd0a6e0da254ae1e04125b1159bb8cbf13865f2c565c01b34d515dd5f744d6cddcee84dc90f29a37c4cd4affe1364b520157fa7123ed2237acea09d02094146e6b3ff2a0910cb403c532a5ecacd3d26f5658884af39b575b4045e15d9e7fc2cba4eb63662ec8303caab487746cd4d8c8f9426bb2a4fc6cd94715192eb4ecfa5561e9f2b19d0aceb4df2613b424e573aea9f6cbd1ace28f27578bad99bb7e2f26e063c48945f9ee4900c61c63de280a72719a2ac4459588a2b467520117eb86b559c756eb12f8dceff3643cc2c804eee8560c041b8c1dcd798b723ac54ce515403b99d13b2eb3534c258e46979dc20a4772997ca8553abcad135e46e0834d317320a158d530a62b87c34d2dfef23d965cc9cce45234c9eaae2ec3a6be787569e9e267df2cb5d5c53a620f12065f9aa8920f71afa121b0164a694542a7ba36fc7a13738065fd4f8dae40e8a920f2dfecb3429b71affa50e1ffd21591c0d06fc36cb4c51eeb8f5ef1393e1694bd065bebe9468c792bbfa826aee0f4b0c75facf1a4ea5a89dfd08cf6c541133b6b81406c1f66649e212535065e913dcc64c12f10714f81dffe550d925b0e17bb3dd5da212a627b11c09049c0f63087511628e210d6c54696cc45ce9d4c7188429802e2d6fa68423e453f46391eb3f3c181d6badfbeab28bb103e28c8ebc38edeb400e88b352f8aee174337bfa8e14240c3a2275f631323f1eb2ef7f7933ad673f32cd6034128d70c8ad78218420c7f7c2e011cc2d07d5cf8407c3a02ecf605c3bb5bb335525c8779d372a555a3bbb5e4f5d6a73b31802a725b66ff2ae0d659a0f50a41be9925adddd9cd7f5b77e4cfabadd422c2e9bdb1a81403a96ee6112d26eb7b5d2fd6f213f2744890123e8b9ceb8c02dd29c7d8cb68091e5adfeb7b2bf492feaafff3fce4ccaccdf2c4a3af4be35bff96afd85f58052f2ed939cc90372a7937949e67c9d7ccd399ac69d3a0ef755abc98a5c515c6e23f88c0856babb8fbbeea00ab091930f93bc9b2a8e4628bb6f784fd3838e35bf4db500efb1945c7a7e567496888b476fa68f2cd501f7771279933300e6c98"}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c00028005001d008b0000000500010004"], 0x4c}}, 0x0) r3 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$PIO_UNIMAP(r3, 0x4b66, &(0x7f0000000000)={0x0, 0x0}) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f0000000580)={0x2, &(0x7f0000000540)=[{0x1000, 0x1}, {0xa5, 0x3}]}) ioctl$GIO_UNIMAP(r1, 0x4b66, &(0x7f00000000c0)={0x3, &(0x7f0000000080)=[{}, {}, {}]}) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000500), 0x311001, 0x0) ioctl$GIO_FONT(r1, 0x4b60, &(0x7f0000000640)=""/27) ioctl$TIOCL_SETSEL(r3, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x5, 0x7, 0x75, 0x6, 0xd8e1b3a8d0d53565}}) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x0, 0x308, 0x308, 0x220, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) ioctl$KDMKTONE(0xffffffffffffffff, 0x4b30, 0x1d) r4 = socket(0x840000000002, 0x3, 0x100) connect$inet(r4, &(0x7f0000000000)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 1.975958962s ago: executing program 0 (id=2822): r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000380)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r1, &(0x7f00000005c0)={0x0, 0x300, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000002700000008000300", @ANYRES32=r2, @ANYBLOB="30002f80"], 0x4c}}, 0x0) 1.71995258s ago: executing program 0 (id=2823): socket$inet_mptcp(0x2, 0x1, 0x106) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bind$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x1b, 0x0, 0x1, 0x5}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000040)={0x0, @sdr}) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) futex(0x0, 0xd, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x4, &(0x7f0000000240)=[{0x0, 0xe, 0x40, 0x40000}, {0x4, 0xf, 0x1}, {0x7, 0x4, 0x7, 0x5}, {0x6, 0x1, 0xcb, 0xba}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x50}}, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000580)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r2, 0xc0182101, &(0x7f0000000100)={r4, 0x0, 0x2}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000180)={r5, 0x3, r2}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') 974.370786ms ago: executing program 1 (id=2824): socket$inet6_sctp(0xa, 0x5, 0x84) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x90) preadv(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000600)=""/172, 0xac}], 0x1, 0x0, 0x0) r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xc9) ioctl$VHOST_VDPA_GET_STATUS(r1, 0x8001af71, &(0x7f00000000c0)) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r5, r6}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xe72, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x12, 0x0, @opaque='\x00'/10}}}}}, 0x0) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x7, 0x1, 0x301}, 0x14}}, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x202001) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000001ec0)={0x0, 0x0, &(0x7f0000001e80)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c0000000d06010200000000000000000000000015ec6cd6000300686173683a69702c706f72742c6e65740000000005000100070000000500050000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x0) close(r2) r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xd, 0x1c, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000018110000808a2f76f7058b1776bdfbb6dfb86ca3ef9b589bc3ffdcfbe17f35ccc4072c700b7cf880f665510d270fb8", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000b7020000000000007b9af8ff00000000b5090800000000007baaf0ff00000000bf9800000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018280000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7050000080000004600000076000000bf9100000000000056080000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r8, 0xc08c5336, &(0x7f0000000300)={0x0, 0x2, 0x0, 'queue1\x00', 0x3}) mmap$dsp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x8, 0x110, r1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) 859.123192ms ago: executing program 4 (id=2825): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r2, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) socket$inet6(0xa, 0x3, 0x88) socket$packet(0x11, 0x3, 0x300) write$proc_mixer(0xffffffffffffffff, 0x0, 0xb8) openat$proc_mixer(0xffffffffffffff9c, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000003a80)=[{{&(0x7f00000000c0)=@in={0x2, 0x4e24, @loopback}, 0x80, 0x0}}], 0x1, 0x20040051) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000340)={'#! ', './file0'}, 0xb) setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000040)=@gcm_256={{}, "a2879a2323b8254e", "86dd270f98c60203791922c5acce09cc4c1afd8c02f79131becff587e9572ef9", "770c937d", "5590a6b25e516d6a"}, 0x38) socket$inet(0x2, 0x80000, 0x0) listen(0xffffffffffffffff, 0x0) ioctl$EXT4_IOC_GETFSUUID(0xffffffffffffffff, 0x8008662c, 0x0) setsockopt$MRT6_DONE(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r4, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) 464.367815ms ago: executing program 3 (id=2826): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv6_newaddr={0x18, 0x14, 0x9535393fea6295b5}, 0x18}, 0x306}, 0x0) (fail_nth: 4) 463.484977ms ago: executing program 0 (id=2827): bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000100), 0x81040, &(0x7f0000002140)=ANY=[@ANYRESHEX, @ANYBLOB]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x10, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040), 0xe) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c8000c00080002"], 0x11) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) unshare(0x68020280) dup(0xffffffffffffffff) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) capset(0x0, 0x0) faccessat2(r1, &(0x7f0000000480)='./file0\x00', 0x0, 0x0) 0s ago: executing program 1 (id=2828): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}}, 0x0) kernel console output (not intermixed with test programs): dv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.377706][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.389525][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.400240][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.421590][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.454516][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.487803][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.500611][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.529406][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.567372][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.593034][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.607865][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.628871][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.654335][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.703150][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.740323][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.768416][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.783634][T14353] FAULT_INJECTION: forcing a failure. [ 1068.783634][T14353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1068.802985][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1068.818669][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.830996][T14353] CPU: 0 UID: 0 PID: 14353 Comm: syz.1.2255 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1068.841791][T14353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1068.851855][T14353] Call Trace: [ 1068.855135][T14353] [ 1068.858064][T14353] dump_stack_lvl+0x241/0x360 [ 1068.862744][T14353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1068.868030][T14353] ? __pfx__printk+0x10/0x10 [ 1068.872620][T14353] should_fail_ex+0x3b0/0x4e0 [ 1068.877300][T14353] _copy_from_user+0x2f/0xe0 [ 1068.881901][T14353] vmemdup_user+0x149/0x1c0 [ 1068.886441][T14353] map_lookup_elem+0x28e/0x7c0 [ 1068.891237][T14353] ? bpf_lsm_bpf+0x9/0x10 [ 1068.895592][T14353] __sys_bpf+0x429/0x810 [ 1068.899870][T14353] ? __pfx___sys_bpf+0x10/0x10 [ 1068.904676][T14353] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1068.910691][T14353] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1068.917058][T14353] ? do_syscall_64+0x100/0x230 [ 1068.921030][T14243] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1068.921839][T14353] __x64_sys_bpf+0x7c/0x90 [ 1068.933460][T14353] do_syscall_64+0xf3/0x230 [ 1068.937991][T14353] ? clear_bhb_loop+0x35/0x90 [ 1068.942691][T14353] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1068.948614][T14353] RIP: 0033:0x7f4c1af779f9 [ 1068.952021][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1068.953027][T14353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1068.953045][T14353] RSP: 002b:00007f4c1bcaa048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1068.953068][T14353] RAX: ffffffffffffffda RBX: 00007f4c1b105f80 RCX: 00007f4c1af779f9 [ 1068.953083][T14353] RDX: 0000000000000020 RSI: 0000000020000780 RDI: 0000000000000001 [ 1068.953094][T14353] RBP: 00007f4c1bcaa0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1068.953106][T14353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1068.965081][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1068.983080][T14353] R13: 000000000000000b R14: 00007f4c1b105f80 R15: 00007ffe5c6a0858 [ 1068.983121][T14353] [ 1068.983310][ C0] vkms_vblank_simulate: vblank timer overrun [ 1069.022787][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.023844][ C0] vkms_vblank_simulate: vblank timer overrun [ 1069.054860][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.061015][ C0] vkms_vblank_simulate: vblank timer overrun [ 1069.123599][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.135075][ T5225] Bluetooth: hci4: command 0x0419 tx timeout [ 1069.175902][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.210535][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.225982][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.236785][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.247812][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.258107][ T9448] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 1069.268654][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.280229][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.290845][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.306087][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.319743][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.338364][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.350191][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.361204][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.371567][T14243] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1069.383031][T14243] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1069.422263][T14243] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1069.446444][ T9448] usb 5-1: config 1 interface 0 altsetting 231 bulk endpoint 0x1 has invalid maxpacket 32 [ 1069.460400][ T9448] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1069.470868][ T9448] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1069.483526][ T9448] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1069.511163][ T9448] usb 5-1: Product: ࠌ [ 1069.528013][ T9448] usb 5-1: Manufacturer: ȗ⩪㞄밽屠莅㩁齟୾ᗞ洫뜠ඓ睗ǽ馊䚭讇㕁㣸ꗌ㓛Ὃ楄銹ꋥ껗⊻矤ك琮褟ᄆ言晔飧쳾慧핀匥忋呑듄쯮ဈ톉薓䆻翳켊ﹰ杈 [ 1069.579131][ T9448] usb 5-1: SerialNumber: ц [ 1069.613211][T14345] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1069.728508][T14355] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1069.888118][T14243] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1069.903054][ T9] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 1069.922900][T14243] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1069.939184][T14243] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1069.952290][T14243] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1069.971851][ T9448] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 55 if 0 alt 231 proto 1 vid 0x0525 pid 0xA4A8 [ 1070.009650][ T9448] usb 5-1: USB disconnect, device number 55 [ 1070.033478][ T9448] usblp0: removed [ 1070.082369][T14355] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.113839][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 1070.123608][ T9] usb 1-1: config 228 has an invalid interface number: 148 but max is 1 [ 1070.136354][ T9] usb 1-1: config 228 contains an unexpected descriptor of type 0x2, skipping [ 1070.193399][ T9] usb 1-1: config 228 contains an unexpected descriptor of type 0x2, skipping [ 1070.206283][ T9] usb 1-1: config 228 has an invalid interface number: 193 but max is 1 [ 1070.216043][ T9] usb 1-1: config 228 has no interface number 0 [ 1070.226529][ T9] usb 1-1: config 228 has no interface number 1 [ 1070.240648][ T9] usb 1-1: config 228 interface 148 altsetting 249 has an invalid descriptor for endpoint zero, skipping [ 1070.269808][ T9] usb 1-1: config 228 interface 148 altsetting 249 endpoint 0x8 has an invalid bInterval 151, changing to 11 [ 1070.284291][ T9] usb 1-1: config 228 interface 148 altsetting 249 has a duplicate endpoint with address 0xE, skipping [ 1070.295697][ T9] usb 1-1: config 228 interface 148 altsetting 249 bulk endpoint 0x3 has invalid maxpacket 1023 [ 1070.308287][T14355] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.328988][ T9] usb 1-1: config 228 interface 148 altsetting 249 has an invalid descriptor for endpoint zero, skipping [ 1070.342441][ T9] usb 1-1: config 228 interface 193 altsetting 4 has a duplicate endpoint with address 0xD, skipping [ 1070.360133][ T9] usb 1-1: config 228 interface 193 altsetting 4 endpoint 0xF has an invalid bInterval 49, changing to 7 [ 1070.371637][ T9] usb 1-1: config 228 interface 193 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 1070.400245][ T9] usb 1-1: config 228 interface 193 altsetting 4 has a duplicate endpoint with address 0x6, skipping [ 1070.419487][ T9] usb 1-1: config 228 interface 193 altsetting 4 has a duplicate endpoint with address 0xE, skipping [ 1070.462918][ T9] usb 1-1: config 228 interface 148 has no altsetting 0 [ 1070.481509][ T9] usb 1-1: config 228 interface 193 has no altsetting 0 [ 1070.500714][ T9] usb 1-1: New USB device found, idVendor=04da, idProduct=2500, bcdDevice=c1.f6 [ 1070.515792][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1070.524633][ T9] usb 1-1: Product: syz [ 1070.532319][ T9] usb 1-1: Manufacturer: ࠔ [ 1070.537514][ T9] usb 1-1: SerialNumber: syz [ 1070.559445][T14364] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1070.741068][T14355] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.803668][ T9] usb 1-1: USB disconnect, device number 58 [ 1070.968121][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1070.994618][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1071.222754][ T5236] Bluetooth: hci4: command 0x0419 tx timeout [ 1071.672271][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1071.812827][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1071.992487][T14355] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.168402][T14355] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.517492][T14355] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.764558][T14355] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1073.266453][T14409] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2269'. [ 1073.291841][T14409] rdma_rxe: rxe_newlink: failed to add lo [ 1074.037671][T14412] FAULT_INJECTION: forcing a failure. [ 1074.037671][T14412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1074.088385][T14412] CPU: 1 UID: 0 PID: 14412 Comm: syz.2.2268 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1074.099193][T14412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1074.109426][T14412] Call Trace: [ 1074.112718][T14412] [ 1074.115647][T14412] dump_stack_lvl+0x241/0x360 [ 1074.120328][T14412] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1074.125515][T14412] ? __pfx__printk+0x10/0x10 [ 1074.130092][T14412] ? __pfx_lock_release+0x10/0x10 [ 1074.135102][T14412] ? smack_log+0x123/0x540 [ 1074.139502][T14412] should_fail_ex+0x3b0/0x4e0 [ 1074.144165][T14412] _copy_from_user+0x2f/0xe0 [ 1074.148738][T14412] drm_ioctl+0x577/0xad0 [ 1074.152968][T14412] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 1074.158763][T14412] ? __pfx_drm_ioctl+0x10/0x10 [ 1074.163544][T14412] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1074.168463][T14412] ? security_file_ioctl+0x87/0xb0 [ 1074.173561][T14412] ? __pfx_drm_ioctl+0x10/0x10 [ 1074.178750][T14412] __se_sys_ioctl+0xfc/0x170 [ 1074.183334][T14412] do_syscall_64+0xf3/0x230 [ 1074.187827][T14412] ? clear_bhb_loop+0x35/0x90 [ 1074.192485][T14412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1074.198366][T14412] RIP: 0033:0x7ff487f779f9 [ 1074.202764][T14412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1074.222353][T14412] RSP: 002b:00007ff488cac048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1074.230754][T14412] RAX: ffffffffffffffda RBX: 00007ff488106058 RCX: 00007ff487f779f9 [ 1074.238711][T14412] RDX: 0000000020000540 RSI: 00000000c05064a7 RDI: 0000000000000005 [ 1074.246667][T14412] RBP: 00007ff488cac0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1074.254622][T14412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1074.262575][T14412] R13: 000000000000006e R14: 00007ff488106058 R15: 00007fff31615948 [ 1074.270538][T14412] [ 1075.222761][ T5269] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 1075.424311][ T5269] usb 5-1: config 0 has an invalid interface number: 125 but max is 0 [ 1075.513012][ T5269] usb 5-1: config 0 has no interface number 0 [ 1075.519171][ T5269] usb 5-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 1075.614496][ T5269] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1075.698768][ T5269] usb 5-1: config 0 descriptor?? [ 1075.750689][ T5269] ftdi_sio 5-1:0.125: FTDI USB Serial Device converter detected [ 1075.785767][ T5269] ftdi_sio ttyUSB0: unknown device type: 0x9433 [ 1076.027213][ T943] usb 5-1: USB disconnect, device number 56 [ 1076.079475][ T943] ftdi_sio 5-1:0.125: device disconnected [ 1076.741919][T14463] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2283'. [ 1076.767950][T14463] rdma_rxe: rxe_newlink: failed to add lo [ 1077.833307][T14476] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2284'. [ 1077.833453][T14476] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1078.021062][T14480] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2286'. [ 1078.059071][T14480] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1078.413135][ T5232] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1078.487832][T14493] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1078.752830][ T5232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 65535, setting to 1024 [ 1079.489090][ T5232] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1079.597624][ T5232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1079.634040][ T5232] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1079.950452][T14506] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2295'. [ 1079.975960][T14506] rdma_rxe: rxe_newlink: failed to add lo [ 1080.630461][ T5232] usb 4-1: New USB device found, idVendor=1949, idProduct=85a5, bcdDevice=a3.3a [ 1080.658081][ T5232] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.718295][ T5232] usb 4-1: Product: syz [ 1080.734648][ T5232] usb 4-1: Manufacturer: syz [ 1080.759308][ T5232] usb 4-1: SerialNumber: syz [ 1080.782066][ T5232] usb 4-1: config 0 descriptor?? [ 1080.826664][T14489] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1081.004669][ T943] usb 4-1: USB disconnect, device number 49 [ 1082.296821][ T5493] IPVS: starting estimator thread 0... [ 1082.355134][T14558] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1082.433805][T14557] IPVS: using max 33 ests per chain, 79200 per kthread [ 1082.940348][T14568] rdma_rxe: rxe_newlink: failed to add lo [ 1086.256121][T14617] lo speed is unknown, defaulting to 1000 [ 1086.668360][T14617] lo speed is unknown, defaulting to 1000 [ 1087.133513][ T5493] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1087.159040][T14636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2329'. [ 1087.168570][T14636] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1087.298196][T14636] x_tables: unsorted underflow at hook 2 [ 1087.333863][ T5493] usb 3-1: too many configurations: 248, using maximum allowed: 8 [ 1087.441633][ T5493] usb 3-1: New USB device found, idVendor=19d2, idProduct=75bc, bcdDevice=9b.81 [ 1087.492402][ T5493] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=197 [ 1087.538777][ T5493] usb 3-1: Product: syz [ 1087.558068][ T5493] usb 3-1: Manufacturer: syz [ 1087.576865][ T5493] usb 3-1: SerialNumber: syz [ 1087.675132][ T5493] usb 3-1: config 0 descriptor?? [ 1087.696013][ T5493] cdc_acm 3-1:0.0: Zero length descriptor references [ 1087.731625][ T5493] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22 [ 1087.926963][T14632] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1088.707336][T14632] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1088.800186][ T5493] usb 3-1: USB disconnect, device number 70 [ 1088.823531][T14647] syz.0.2337: attempt to access beyond end of device [ 1088.823531][T14647] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1089.874560][T14670] netlink: 'syz.3.2342': attribute type 3 has an invalid length. [ 1089.885120][T14670] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2342'. [ 1094.704600][ T29] audit: type=1326 audit(1722811460.820:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14673 comm="syz.0.2344" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x0 [ 1095.658597][T14686] lo speed is unknown, defaulting to 1000 [ 1095.825716][T14689] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2348'. [ 1095.841850][T14689] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1095.956841][T14689] x_tables: unsorted underflow at hook 2 [ 1096.224503][T14686] lo speed is unknown, defaulting to 1000 [ 1096.770766][T14701] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2353'. [ 1096.835990][T14703] syz.2.2354: attempt to access beyond end of device [ 1096.835990][T14703] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1096.954480][ T5232] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1097.186450][ T5232] usb 4-1: too many configurations: 248, using maximum allowed: 8 [ 1097.283688][ T5232] usb 4-1: New USB device found, idVendor=19d2, idProduct=75bc, bcdDevice=9b.81 [ 1097.409324][ T5232] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=197 [ 1097.495210][ T5232] usb 4-1: Product: syz [ 1097.518663][ T5232] usb 4-1: Manufacturer: syz [ 1097.550038][ T5232] usb 4-1: SerialNumber: syz [ 1097.695296][ T5232] usb 4-1: config 0 descriptor?? [ 1097.706313][ T5236] Bluetooth: hci7: command 0x0406 tx timeout [ 1097.837649][ T5232] cdc_acm 4-1:0.0: Zero length descriptor references [ 1097.857379][ T5232] cdc_acm 4-1:0.0: probe with driver cdc_acm failed with error -22 [ 1097.960099][T14698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1097.973047][T14716] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2355'. [ 1098.094227][T14720] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2356'. [ 1098.112238][T14698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1098.172341][T14716] mkiss: ax0: crc mode is auto. [ 1098.286108][ T5232] usb 4-1: USB disconnect, device number 50 [ 1098.332249][T14722] syz.0.2357: attempt to access beyond end of device [ 1098.332249][T14722] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1098.460817][ T9] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1098.765864][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 1098.822831][ T29] audit: type=1326 audit(1722811464.930:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=14730 comm="syz.2.2358" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff487f779f9 code=0x0 [ 1098.827235][ T9] usb 5-1: New USB device found, idVendor=046d, idProduct=0990, bcdDevice=7f.01 [ 1098.904733][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1098.949869][ T9] usb 5-1: config 0 descriptor?? [ 1098.977914][ T9] usb 5-1: unknown interface protocol 0x3f, assuming v1 [ 1099.009954][ T9] usb 5-1: cannot find UAC_HEADER [ 1099.049648][ T9] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 1099.216028][T14720] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1099.304084][T14738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1099.313160][T14738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1100.073600][ T5493] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1100.282781][ T5493] usb 3-1: Using ep0 maxpacket: 16 [ 1100.327620][ T5493] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1100.336282][T14753] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2364'. [ 1100.355675][ T5493] usb 3-1: can't read configurations, error -61 [ 1100.459638][ T5236] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 1100.476331][ T5236] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 1100.488144][ T5236] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 1100.502819][ T5236] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 1100.511753][ T5236] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 1100.522073][ T5236] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 1100.601200][ T5493] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1100.664719][T14755] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1100.672673][T14755] IPv6: NLM_F_CREATE should be set when creating new route [ 1100.862826][ T5493] usb 3-1: Using ep0 maxpacket: 16 [ 1100.899497][T14754] lo speed is unknown, defaulting to 1000 [ 1100.926411][ T5493] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1100.972240][ T5493] usb 3-1: can't read configurations, error -61 [ 1100.999759][ T5493] usb usb3-port1: attempt power cycle [ 1101.176558][ T9] usb 5-1: USB disconnect, device number 57 [ 1101.527145][ T5493] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 1101.593475][ T5493] usb 3-1: Using ep0 maxpacket: 16 [ 1101.665598][T14773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2369'. [ 1101.699967][T14773] syz0: rxe_newlink: already configured on lo [ 1101.713587][T14773] infiniband syz0: set active [ 1101.900470][ T9] lo speed is unknown, defaulting to 1000 [ 1102.383183][ T5232] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1102.391961][ T5493] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1102.400005][ T5493] usb 3-1: can't read configurations, error -61 [ 1102.562914][ T5493] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1102.571400][T14754] lo speed is unknown, defaulting to 1000 [ 1102.622178][T14776] syz.0.2370: attempt to access beyond end of device [ 1102.622178][T14776] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1102.644825][ T5493] usb 3-1: Using ep0 maxpacket: 16 [ 1102.661715][ T5236] Bluetooth: hci9: command tx timeout [ 1102.661733][ T5493] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1102.676993][ T5493] usb 3-1: can't read configurations, error -61 [ 1102.693313][ T5493] usb usb3-port1: unable to enumerate USB device [ 1102.733053][ T5232] usb 4-1: Using ep0 maxpacket: 8 [ 1102.867439][T14777] fuse: Unknown parameter '0x000000000000000a' [ 1102.921965][ T5232] usb 4-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1103.029689][ T5232] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1103.092871][ T5232] usb 4-1: Product: syz [ 1103.156209][ T5232] usb 4-1: Manufacturer: syz [ 1103.179638][ T5493] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1103.250322][ T5232] usb 4-1: SerialNumber: syz [ 1103.314507][ T5232] usb 4-1: config 0 descriptor?? [ 1103.414421][ T5493] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1103.437272][ T5232] usb-storage 4-1:0.0: USB Mass Storage device detected [ 1103.446308][ T5493] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1103.483617][T14754] chnl_net:caif_netlink_parms(): no params data found [ 1103.494635][ T5493] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1103.543823][ T5493] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1103.658670][ T5493] usb 5-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00 [ 1103.726900][ T5493] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1103.865265][ T5493] usb 5-1: config 0 descriptor?? [ 1104.240382][ T943] usb 4-1: USB disconnect, device number 51 [ 1104.254535][T14754] bridge0: port 1(bridge_slave_0) entered blocking state [ 1104.261711][T14754] bridge0: port 1(bridge_slave_0) entered disabled state [ 1104.311406][T14754] bridge_slave_0: entered allmulticast mode [ 1104.334248][T14754] bridge_slave_0: entered promiscuous mode [ 1104.357650][T14754] bridge0: port 2(bridge_slave_1) entered blocking state [ 1104.382294][T14754] bridge0: port 2(bridge_slave_1) entered disabled state [ 1104.400881][T14754] bridge_slave_1: entered allmulticast mode [ 1104.433536][T14754] bridge_slave_1: entered promiscuous mode [ 1104.443318][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.461087][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.473422][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.484168][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.502119][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.534741][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.555480][ T5493] thrustmaster 0003:044F:B653.000E: unknown main item tag 0x0 [ 1104.576134][ T5493] thrustmaster 0003:044F:B653.000E: hidraw0: USB HID v0.00 Device [HID 044f:b653] on usb-dummy_hcd.4-1/input0 [ 1104.599277][ T5493] thrustmaster 0003:044F:B653.000E: no inputs found [ 1104.641729][T14777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1104.663837][T14754] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1104.673111][T14777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1104.733435][ T5236] Bluetooth: hci9: command tx timeout [ 1104.774423][T14754] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1104.822536][T14817] 9pnet_fd: Insufficient options for proto=fd [ 1104.841117][T14815] overlay: ./bus is not a directory [ 1105.684211][T14754] team0: Port device team_slave_0 added [ 1105.742252][T14754] team0: Port device team_slave_1 added [ 1105.966067][T14754] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1106.088488][T14754] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1106.635262][ T5232] usb 5-1: USB disconnect, device number 58 [ 1106.653393][T14754] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1106.737521][T14754] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1106.787940][T14754] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1106.823029][ T5236] Bluetooth: hci9: command tx timeout [ 1106.901472][T14754] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1108.074019][T14847] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1108.337238][T14754] hsr_slave_0: entered promiscuous mode [ 1108.391987][T14754] hsr_slave_1: entered promiscuous mode [ 1108.472893][T14754] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1108.546481][T14754] Cannot create hsr debugfs directory [ 1108.902796][ T5236] Bluetooth: hci9: command tx timeout [ 1109.520303][T14867] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2394'. [ 1109.979536][T14874] FAULT_INJECTION: forcing a failure. [ 1109.979536][T14874] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1110.193893][T14874] CPU: 0 UID: 0 PID: 14874 Comm: syz.0.2396 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1110.205285][T14874] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1110.215326][T14874] Call Trace: [ 1110.218588][T14874] [ 1110.221499][T14874] dump_stack_lvl+0x241/0x360 [ 1110.226166][T14874] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1110.231352][T14874] ? __pfx__printk+0x10/0x10 [ 1110.235938][T14874] should_fail_ex+0x3b0/0x4e0 [ 1110.240599][T14874] prepare_alloc_pages+0x1da/0x5d0 [ 1110.245699][T14874] __alloc_pages_noprof+0x166/0x6c0 [ 1110.250882][T14874] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 1110.256596][T14874] ? validate_chain+0x11e/0x5900 [ 1110.261540][T14874] ? __pfx_validate_chain+0x10/0x10 [ 1110.266728][T14874] alloc_pages_mpol_noprof+0x3e8/0x680 [ 1110.272174][T14874] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 1110.278143][T14874] vma_alloc_folio_noprof+0x12e/0x230 [ 1110.283501][T14874] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1110.289381][T14874] folio_prealloc+0x31/0x170 [ 1110.293953][T14874] handle_pte_fault+0x2530/0x6eb0 [ 1110.298972][T14874] ? mark_lock+0x9a/0x350 [ 1110.303288][T14874] ? __pfx_handle_pte_fault+0x10/0x10 [ 1110.308648][T14874] ? reacquire_held_locks+0x3eb/0x690 [ 1110.313998][T14874] ? lock_vma_under_rcu+0x2f9/0x6e0 [ 1110.319186][T14874] ? __pfx_reacquire_held_locks+0x10/0x10 [ 1110.324911][T14874] handle_mm_fault+0xf70/0x1880 [ 1110.329801][T14874] ? __pfx_handle_mm_fault+0x10/0x10 [ 1110.335103][T14874] ? lock_vma_under_rcu+0x592/0x6e0 [ 1110.340333][T14874] ? exc_page_fault+0x113/0x8c0 [ 1110.345212][T14874] exc_page_fault+0x459/0x8c0 [ 1110.349914][T14874] asm_exc_page_fault+0x26/0x30 [ 1110.354767][T14874] RIP: 0033:0x7fd99ba430bb [ 1110.359188][T14874] Code: 00 00 00 48 8d 3d cd 2a 19 00 48 89 c1 31 c0 e8 4b 5d ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d 01 2b 19 00 48 89 34 24 48 8b 14 24 48 8b [ 1110.378800][T14874] RSP: 002b:00007fd99ca0afc0 EFLAGS: 00010206 [ 1110.384865][T14874] RAX: 0000000000000000 RBX: 00007fd99bd06058 RCX: 0000000000000000 [ 1110.392825][T14874] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000020000100 [ 1110.400786][T14874] RBP: 00007fd99ca0c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1110.408741][T14874] R10: 0000000020000100 R11: 0000000000000000 R12: 0000000000000001 [ 1110.416699][T14874] R13: 000000000000006e R14: 00007fd99bd06058 R15: 00007ffe3749f858 [ 1110.424670][T14874] [ 1110.470701][T14874] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 1110.505178][T14754] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1111.646509][T14754] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1112.348420][T14902] syz.0.2405: attempt to access beyond end of device [ 1112.348420][T14902] nbd0: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1112.414637][T14915] No control pipe specified [ 1113.166839][T14754] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.352768][ T5232] usb 4-1: new full-speed USB device number 52 using dummy_hcd [ 1113.479038][T14754] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1113.624670][ T5232] usb 4-1: config 0 has an invalid interface number: 179 but max is 0 [ 1113.692905][ T5232] usb 4-1: config 0 has no interface number 0 [ 1113.750592][ T5232] usb 4-1: config 0 interface 179 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1113.845605][ T5232] usb 4-1: New USB device found, idVendor=19d2, idProduct=1021, bcdDevice=ec.0d [ 1113.884270][ T5232] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1113.945983][T14754] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1113.978956][T14754] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1114.005249][ T5232] usb 4-1: Product: syz [ 1114.009434][ T5232] usb 4-1: Manufacturer: syz [ 1114.168494][T14754] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1114.200676][T14754] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1114.208840][ T5232] usb 4-1: SerialNumber: syz [ 1115.014807][ T5232] usb 4-1: config 0 descriptor?? [ 1115.063503][ T5232] option 4-1:0.179: GSM modem (1-port) converter detected [ 1115.278480][ T5232] usb 4-1: USB disconnect, device number 52 [ 1115.305914][ T5232] option 4-1:0.179: device disconnected [ 1115.333581][ T943] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 1115.390833][T14754] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1115.448305][T14754] 8021q: adding VLAN 0 to HW filter on device team0 [ 1115.528871][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1115.536033][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1115.546546][T14951] syz.4.2416: attempt to access beyond end of device [ 1115.546546][T14951] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1115.561820][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1115.568967][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1115.579393][ T943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1115.608758][ T943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1115.646804][T14955] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1115.704286][ T943] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1115.736609][ T943] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1115.862461][T14754] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1115.882133][ T943] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1115.913767][T14754] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1115.930154][ T943] usb 1-1: config 0 descriptor?? [ 1115.956633][ T943] gspca_main: abcd:cdee too many config [ 1115.996693][ T943] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1116.022300][ T943] usb 1-1: MIDIStreaming interface descriptor not found [ 1116.100185][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.113369][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.514883][ T5304] usb 1-1: USB disconnect, device number 59 [ 1116.839851][T14976] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2419'. [ 1117.028280][T14754] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1117.105085][T14754] veth0_vlan: entered promiscuous mode [ 1117.134637][T14754] veth1_vlan: entered promiscuous mode [ 1117.177317][T14754] veth0_macvtap: entered promiscuous mode [ 1117.197657][T14754] veth1_macvtap: entered promiscuous mode [ 1117.238212][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.290683][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.328177][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.505672][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.562991][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.704483][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.721434][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.761756][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.773172][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.784000][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.796371][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.811891][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.824733][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.852002][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.881203][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.902440][ T9] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1117.919611][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1117.962746][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1117.975197][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.009170][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.032166][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.099565][ T9] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 1118.113122][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1118.119370][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1118.131536][ T9] usb 5-1: Product: syz [ 1118.131561][ T9] usb 5-1: Manufacturer: syz [ 1118.131576][ T9] usb 5-1: SerialNumber: syz [ 1118.160921][ T9] usb 5-1: config 0 descriptor?? [ 1118.173083][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.204769][T14754] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1118.284046][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.329403][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.381428][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.405415][ T9] mos7840 5-1:0.0: required endpoints missing [ 1118.422403][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.437058][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.468085][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.488750][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.528916][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1118.555693][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1118.643125][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.326262][T14989] syz.2.2424: attempt to access beyond end of device [ 1119.326262][T14989] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1119.417240][ T29] audit: type=1804 audit(1722811485.530:220): pid=14983 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.2423" name="/newroot/160/bus/file0" dev="overlay" ino=877 res=1 errno=0 [ 1119.481414][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.523638][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.544462][ T5269] usb 5-1: USB disconnect, device number 59 [ 1119.553505][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.599574][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.642873][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.672440][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.711264][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.778366][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.827640][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.879431][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.895163][T14754] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1119.913858][T14754] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1119.994795][T14754] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1120.100522][T14754] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.128137][T14754] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.145071][T14754] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.155529][T14754] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.794718][ T5522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1120.998701][ T5522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1121.130411][ T5521] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.575192][ T5521] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1122.350255][ T29] audit: type=1326 audit(1722811488.460:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15022 comm="syz.2.2432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff487f779f9 code=0x7fc00000 [ 1122.663731][T12220] IPVS: starting estimator thread 0... [ 1122.752806][T15055] IPVS: using max 33 ests per chain, 79200 per kthread [ 1124.410304][T15075] No control pipe specified [ 1125.093351][ T9] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1125.153985][ T5236] Bluetooth: hci4: unexpected event for opcode 0x1003 [ 1127.091371][T15096] FAULT_INJECTION: forcing a failure. [ 1127.091371][T15096] name failslab, interval 1, probability 0, space 0, times 0 [ 1127.105231][T15096] CPU: 0 UID: 0 PID: 15096 Comm: syz.2.2448 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1127.116039][T15096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1127.126111][T15096] Call Trace: [ 1127.129417][T15096] [ 1127.132357][T15096] dump_stack_lvl+0x241/0x360 [ 1127.137056][T15096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1127.142274][T15096] ? __pfx__printk+0x10/0x10 [ 1127.146889][T15096] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 1127.152901][T15096] ? __pfx___might_resched+0x10/0x10 [ 1127.158215][T15096] should_fail_ex+0x3b0/0x4e0 [ 1127.162922][T15096] should_failslab+0xac/0x100 [ 1127.167614][T15096] ? __alloc_skb+0x1c3/0x440 [ 1127.172222][T15096] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1127.178055][T15096] __alloc_skb+0x1c3/0x440 [ 1127.182489][T15096] ? __pfx___alloc_skb+0x10/0x10 [ 1127.187439][T15096] ? __pfx___might_resched+0x10/0x10 [ 1127.192743][T15096] alloc_skb_with_frags+0xc3/0x770 [ 1127.197868][T15096] ? validate_chain+0x11e/0x5900 [ 1127.202834][T15096] sock_alloc_send_pskb+0x91a/0xa60 [ 1127.208067][T15096] ? __lock_acquire+0x137a/0x2040 [ 1127.213106][T15096] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1127.218841][T15096] ? iov_iter_advance+0x8f/0x1b0 [ 1127.223775][T15096] tun_get_user+0xcf3/0x4720 [ 1127.228357][T15096] ? __lock_acquire+0x137a/0x2040 [ 1127.233372][T15096] ? __pfx_tun_get_user+0x10/0x10 [ 1127.238388][T15096] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1127.243834][T15096] ? tun_get+0x1e/0x2f0 [ 1127.247978][T15096] ? __pfx_lock_release+0x10/0x10 [ 1127.252995][T15096] ? tun_get+0x1e/0x2f0 [ 1127.257138][T15096] ? tun_get+0x27d/0x2f0 [ 1127.261368][T15096] tun_chr_write_iter+0x113/0x1f0 [ 1127.266381][T15096] vfs_write+0xa72/0xc90 [ 1127.270632][T15096] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1127.276163][T15096] ? __pfx_vfs_write+0x10/0x10 [ 1127.280920][T15096] ksys_write+0x1a0/0x2c0 [ 1127.285233][T15096] ? __pfx_ksys_write+0x10/0x10 [ 1127.290065][T15096] ? do_syscall_64+0x100/0x230 [ 1127.294816][T15096] ? do_syscall_64+0xb6/0x230 [ 1127.299480][T15096] do_syscall_64+0xf3/0x230 [ 1127.303971][T15096] ? clear_bhb_loop+0x35/0x90 [ 1127.308660][T15096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.314550][T15096] RIP: 0033:0x7ff487f779f9 [ 1127.318951][T15096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1127.338545][T15096] RSP: 002b:00007ff488ccd048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1127.346949][T15096] RAX: ffffffffffffffda RBX: 00007ff488105f80 RCX: 00007ff487f779f9 [ 1127.354905][T15096] RDX: 000000000000fdef RSI: 0000000020000380 RDI: 0000000000000003 [ 1127.362880][T15096] RBP: 00007ff488ccd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1127.370846][T15096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1127.378808][T15096] R13: 000000000000000b R14: 00007ff488105f80 R15: 00007fff31615948 [ 1127.386772][T15096] [ 1128.113117][ T9] usb 4-1: device descriptor read/all, error -71 [ 1128.210416][T15115] syz.2.2456 (15115): /proc/15114/oom_adj is deprecated, please use /proc/15114/oom_score_adj instead. [ 1129.212905][ T5236] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 1129.223309][ T5236] Bluetooth: hci4: Injecting HCI hardware error event [ 1129.233783][ T5236] Bluetooth: hci4: hardware error 0x00 [ 1129.589953][T15131] FAULT_INJECTION: forcing a failure. [ 1129.589953][T15131] name failslab, interval 1, probability 0, space 0, times 0 [ 1129.670575][T15133] No control pipe specified [ 1130.412710][T15131] CPU: 1 UID: 0 PID: 15131 Comm: syz.0.2461 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1130.423516][T15131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1130.433598][T15131] Call Trace: [ 1130.436888][T15131] [ 1130.439806][T15131] dump_stack_lvl+0x241/0x360 [ 1130.444496][T15131] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1130.449747][T15131] ? __pfx__printk+0x10/0x10 [ 1130.454336][T15131] ? __kmalloc_noprof+0xb0/0x400 [ 1130.459269][T15131] ? __pfx___might_resched+0x10/0x10 [ 1130.464575][T15131] should_fail_ex+0x3b0/0x4e0 [ 1130.469257][T15131] ? security_prepare_creds+0x4c/0x140 [ 1130.474715][T15131] should_failslab+0xac/0x100 [ 1130.479385][T15131] ? security_prepare_creds+0x4c/0x140 [ 1130.484838][T15131] __kmalloc_noprof+0xd8/0x400 [ 1130.489636][T15131] ? prepare_creds+0x31/0x640 [ 1130.494315][T15131] security_prepare_creds+0x4c/0x140 [ 1130.499608][T15131] prepare_creds+0x467/0x640 [ 1130.504201][T15131] do_faccessat+0x339/0xb80 [ 1130.508705][T15131] ? __pfx_do_faccessat+0x10/0x10 [ 1130.513811][T15131] ? do_syscall_64+0x100/0x230 [ 1130.518579][T15131] ? do_syscall_64+0xb6/0x230 [ 1130.523251][T15131] do_syscall_64+0xf3/0x230 [ 1130.527750][T15131] ? clear_bhb_loop+0x35/0x90 [ 1130.532433][T15131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1130.538344][T15131] RIP: 0033:0x7fd99bb779f9 [ 1130.542762][T15131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1130.562378][T15131] RSP: 002b:00007fd99ca2d048 EFLAGS: 00000246 ORIG_RAX: 00000000000001b7 [ 1130.570794][T15131] RAX: ffffffffffffffda RBX: 00007fd99bd05f80 RCX: 00007fd99bb779f9 [ 1130.578763][T15131] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000004 [ 1130.586724][T15131] RBP: 00007fd99ca2d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1130.594686][T15131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1130.602652][T15131] R13: 000000000000000b R14: 00007fd99bd05f80 R15: 00007ffe3749f858 [ 1130.610629][T15131] [ 1130.613759][ C1] vkms_vblank_simulate: vblank timer overrun [ 1130.613882][ T5493] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1130.815943][ T5493] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1130.831534][ T5493] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1130.842828][ T5232] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 1130.854196][T15132] netlink: 'syz.3.2458': attribute type 3 has an invalid length. [ 1130.895976][ T5493] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1130.920793][T15132] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2458'. [ 1130.936139][ T29] audit: type=1326 audit(1722811497.030:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1130.978802][ T5493] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1130.980453][ T29] audit: type=1326 audit(1722811497.030:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1130.998266][ T5493] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1131.039709][ T29] audit: type=1326 audit(1722811497.030:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.065121][ T5232] usb 2-1: config 0 has an invalid interface number: 179 but max is 0 [ 1131.081718][ T29] audit: type=1326 audit(1722811497.030:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.092941][ T5232] usb 2-1: config 0 has no interface number 0 [ 1131.104850][ T5493] usb 3-1: config 0 descriptor?? [ 1131.183510][ T5232] usb 2-1: config 0 interface 179 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1131.210708][ T29] audit: type=1326 audit(1722811497.050:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.284757][ T29] audit: type=1326 audit(1722811497.050:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.316652][ T29] audit: type=1326 audit(1722811497.050:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.377252][ T5236] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1131.382811][ T29] audit: type=1326 audit(1722811497.070:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.413312][ T5232] usb 2-1: New USB device found, idVendor=19d2, idProduct=1021, bcdDevice=ec.0d [ 1131.459682][ T5232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1131.478416][ T5232] usb 2-1: Product: syz [ 1131.531755][ T5232] usb 2-1: Manufacturer: syz [ 1131.561280][ T5493] plantronics 0003:047F:FFFF.000F: ignoring exceeding usage max [ 1131.572096][ T5493] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 1131.603405][ T5493] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1131.616062][ T29] audit: type=1326 audit(1722811497.070:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.649234][ T5232] usb 2-1: SerialNumber: syz [ 1131.702882][ T29] audit: type=1326 audit(1722811497.070:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15138 comm="syz.0.2462" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x7ffc0000 [ 1131.762896][ T5232] usb 2-1: config 0 descriptor?? [ 1131.806711][ T5232] option 2-1:0.179: GSM modem (1-port) converter detected [ 1132.140551][T15160] netlink: 'syz.3.2467': attribute type 3 has an invalid length. [ 1132.148574][T15160] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2467'. [ 1132.662600][ C0] hrtimer: interrupt took 46914 ns [ 1132.973288][ T5269] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 1133.110795][ T5232] usb 2-1: USB disconnect, device number 40 [ 1133.124571][T15169] rdma_rxe: rxe_newlink: failed to add lo [ 1133.186684][ T5232] option 2-1:0.179: device disconnected [ 1133.306886][ T5269] usb 1-1: config 0 has an invalid interface number: 125 but max is 0 [ 1133.397807][ T5269] usb 1-1: config 0 has no interface number 0 [ 1133.477242][ T5269] usb 1-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 1133.517955][ T5269] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1133.556797][T15174] 9pnet_fd: Insufficient options for proto=fd [ 1133.569600][ T5269] usb 1-1: config 0 descriptor?? [ 1133.597317][ T5269] ftdi_sio 1-1:0.125: FTDI USB Serial Device converter detected [ 1133.627699][ T5269] ftdi_sio ttyUSB0: unknown device type: 0x9433 [ 1133.828028][ T5269] usb 1-1: USB disconnect, device number 61 [ 1133.839060][ T9448] usb 3-1: USB disconnect, device number 75 [ 1133.866284][ T5269] ftdi_sio 1-1:0.125: device disconnected [ 1135.486620][T15207] No control pipe specified [ 1136.375962][ T5268] usb 1-1: new full-speed USB device number 62 using dummy_hcd [ 1136.656624][ T5268] usb 1-1: config 0 has an invalid interface number: 179 but max is 0 [ 1136.690600][ T5268] usb 1-1: config 0 has no interface number 0 [ 1136.726011][ T5268] usb 1-1: config 0 interface 179 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1136.744873][T15227] Invalid/unusable pipe [ 1136.827019][ T5268] usb 1-1: New USB device found, idVendor=19d2, idProduct=1021, bcdDevice=ec.0d [ 1136.852775][ T5267] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1136.892486][T15230] 9pnet_fd: Insufficient options for proto=fd [ 1136.930342][ T5268] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1136.974708][ T5268] usb 1-1: Product: syz [ 1137.000376][ T5268] usb 1-1: Manufacturer: syz [ 1137.024142][ T5268] usb 1-1: SerialNumber: syz [ 1137.045009][ T5268] usb 1-1: config 0 descriptor?? [ 1137.081624][T15232] sg_read: process 582 (syz.4.2489) changed security contexts after opening file descriptor, this is not allowed. [ 1137.102260][ T5268] option 1-1:0.179: GSM modem (1-port) converter detected [ 1137.142853][ T5267] usb 4-1: Using ep0 maxpacket: 8 [ 1137.252715][ T5269] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1137.268956][ T5267] usb 4-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1137.315020][ T5267] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1137.341361][ T5267] usb 4-1: Product: syz [ 1137.367812][ T5267] usb 4-1: Manufacturer: syz [ 1137.372450][ T5267] usb 4-1: SerialNumber: syz [ 1137.440331][ T5267] usb 4-1: config 0 descriptor?? [ 1137.462851][ T5269] usb 2-1: config 0 has an invalid interface number: 125 but max is 0 [ 1137.560819][ T5267] usb-storage 4-1:0.0: USB Mass Storage device detected [ 1137.586432][ T5269] usb 2-1: config 0 has no interface number 0 [ 1137.630587][ T5269] usb 2-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 1137.719947][ T5269] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1137.811570][ T5269] usb 2-1: config 0 descriptor?? [ 1137.878612][ T5269] ftdi_sio 2-1:0.125: FTDI USB Serial Device converter detected [ 1137.885075][ T5493] usb 4-1: USB disconnect, device number 55 [ 1137.916938][ T5269] ftdi_sio ttyUSB1: unknown device type: 0x9433 [ 1138.103308][ T943] usb 2-1: USB disconnect, device number 41 [ 1138.124584][ T943] ftdi_sio 2-1:0.125: device disconnected [ 1138.312966][ T9448] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1138.397467][ T943] usb 1-1: USB disconnect, device number 62 [ 1138.414153][ T943] option 1-1:0.179: device disconnected [ 1138.579640][ T29] kauditd_printk_skb: 18 callbacks suppressed [ 1138.579651][ T29] audit: type=1326 audit(1722811504.690:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15252 comm="syz.2.2496" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff487f779f9 code=0x0 [ 1138.609944][ T9448] usb 5-1: Using ep0 maxpacket: 32 [ 1138.633098][ T9448] usb 5-1: config 0 has no interfaces? [ 1138.664342][ T9448] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1002, bcdDevice=fe.9c [ 1138.685794][ T9448] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1138.705630][ T9448] usb 5-1: Product: syz [ 1138.711217][ T9448] usb 5-1: Manufacturer: syz [ 1138.719898][ T9448] usb 5-1: SerialNumber: syz [ 1138.737252][ T9448] usb 5-1: config 0 descriptor?? [ 1138.800613][T15263] syz.3.2497: attempt to access beyond end of device [ 1138.800613][T15263] nbd3: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1138.949931][T15250] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1138.959058][T15250] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1141.690473][ T9448] usb 5-1: USB disconnect, device number 60 [ 1147.200823][T15313] syz.2.2509: attempt to access beyond end of device [ 1147.200823][T15313] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1147.482781][ T5493] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1147.693012][ T5493] usb 4-1: Using ep0 maxpacket: 8 [ 1147.706457][ T5493] usb 4-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1147.725321][T15330] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2511'. [ 1147.736543][ T5493] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1147.773739][ T5493] usb 4-1: Product: syz [ 1147.923721][ T29] audit: type=1326 audit(1722811514.010:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15336 comm="syz.4.2513" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd135b779f9 code=0x0 [ 1147.953040][ T5493] usb 4-1: Manufacturer: syz [ 1147.963615][ T5493] usb 4-1: SerialNumber: syz [ 1147.972125][ T5493] usb 4-1: config 0 descriptor?? [ 1147.984923][ T5493] usb-storage 4-1:0.0: USB Mass Storage device detected [ 1148.268252][ T5493] usb 4-1: USB disconnect, device number 56 [ 1148.568008][T15348] rdma_rxe: rxe_newlink: failed to add lo [ 1151.126821][T15386] FAULT_INJECTION: forcing a failure. [ 1151.126821][T15386] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1151.152802][T15386] CPU: 1 UID: 0 PID: 15386 Comm: syz.0.2528 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1151.163580][T15386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1151.173635][T15386] Call Trace: [ 1151.176900][T15386] [ 1151.179816][T15386] dump_stack_lvl+0x241/0x360 [ 1151.184491][T15386] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1151.189678][T15386] ? __pfx__printk+0x10/0x10 [ 1151.194268][T15386] should_fail_ex+0x3b0/0x4e0 [ 1151.198931][T15386] _copy_from_user+0x2f/0xe0 [ 1151.203512][T15386] bpf_test_init+0x11f/0x180 [ 1151.208090][T15386] bpf_prog_test_run_xdp+0x48e/0x11b0 [ 1151.213450][T15386] ? __pfx_lock_acquire+0x10/0x10 [ 1151.218481][T15386] ? __pfx_lock_release+0x10/0x10 [ 1151.223523][T15386] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1151.229320][T15386] ? __fget_files+0x29/0x470 [ 1151.233899][T15386] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1151.239692][T15386] bpf_prog_test_run+0x33a/0x3b0 [ 1151.244622][T15386] __sys_bpf+0x48d/0x810 [ 1151.248849][T15386] ? __pfx___sys_bpf+0x10/0x10 [ 1151.253602][T15386] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1151.259567][T15386] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1151.265878][T15386] ? do_syscall_64+0x100/0x230 [ 1151.270631][T15386] __x64_sys_bpf+0x7c/0x90 [ 1151.275033][T15386] do_syscall_64+0xf3/0x230 [ 1151.279522][T15386] ? clear_bhb_loop+0x35/0x90 [ 1151.284187][T15386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.290074][T15386] RIP: 0033:0x7fd99bb779f9 [ 1151.294482][T15386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1151.314078][T15386] RSP: 002b:00007fd99ca2d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1151.322487][T15386] RAX: ffffffffffffffda RBX: 00007fd99bd05f80 RCX: 00007fd99bb779f9 [ 1151.330447][T15386] RDX: 0000000000000050 RSI: 0000000020000240 RDI: 000000000000000a [ 1151.338402][T15386] RBP: 00007fd99ca2d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1151.346357][T15386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1151.354333][T15386] R13: 000000000000000b R14: 00007fd99bd05f80 R15: 00007ffe3749f858 [ 1151.362296][T15386] [ 1151.365327][ C1] vkms_vblank_simulate: vblank timer overrun [ 1151.425829][T15387] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2526'. [ 1151.439189][T15387] rdma_rxe: rxe_newlink: failed to add lo [ 1152.356555][T15389] 9pnet_fd: Insufficient options for proto=fd [ 1152.414651][T15394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2525'. [ 1152.440763][T15394] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1152.625362][T15394] x_tables: unsorted underflow at hook 2 [ 1152.789744][ T5493] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1152.819706][T15402] syz0: rxe_newlink: already configured on lo [ 1152.982826][ T5493] usb 5-1: Using ep0 maxpacket: 8 [ 1153.035162][ T5493] usb 5-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1153.070267][ T5493] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1153.121980][ T5493] usb 5-1: Product: syz [ 1153.141709][ T5493] usb 5-1: Manufacturer: syz [ 1153.158191][ T5493] usb 5-1: SerialNumber: syz [ 1153.181378][ T5493] usb 5-1: config 0 descriptor?? [ 1153.240459][ T5493] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1153.483158][ T29] audit: type=1326 audit(1722811519.590:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15406 comm="syz.1.2532" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff332f779f9 code=0x0 [ 1153.612784][ T9448] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 1153.809077][T15416] 9pnet_fd: Insufficient options for proto=fd [ 1153.830133][ T9448] usb 3-1: config 0 has an invalid interface number: 125 but max is 0 [ 1153.863690][ T9448] usb 3-1: config 0 has no interface number 0 [ 1153.908350][ T9448] usb 3-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 1153.958772][ T5493] usb 5-1: USB disconnect, device number 61 [ 1153.975265][ T9448] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1154.029727][ T9448] usb 3-1: config 0 descriptor?? [ 1154.061585][ T9448] ftdi_sio 3-1:0.125: FTDI USB Serial Device converter detected [ 1154.089643][ T9448] ftdi_sio ttyUSB0: unknown device type: 0x9433 [ 1155.468687][ T9448] usb 3-1: USB disconnect, device number 76 [ 1155.580542][ T9448] ftdi_sio 3-1:0.125: device disconnected [ 1155.724066][T15439] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2543'. [ 1155.733467][T15439] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1155.800740][T15439] x_tables: unsorted underflow at hook 2 [ 1156.243211][T15448] rdma_rxe: rxe_newlink: failed to add lo [ 1156.332843][ T9448] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1156.536010][T15450] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1156.552808][ T9448] usb 2-1: Using ep0 maxpacket: 16 [ 1156.609422][ T9448] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1156.662748][ T9448] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1156.693649][ T9448] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1156.744042][ T9448] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1156.773320][ T9448] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1156.801810][ T9448] usb 2-1: config 0 descriptor?? [ 1157.106670][T15460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2548'. [ 1157.148955][T15460] syz0: rxe_newlink: already configured on lo [ 1157.169849][T15460] infiniband syz0: set active [ 1157.799452][ T29] audit: type=1326 audit(1722811523.910:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15451 comm="syz.4.2547" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd135b779f9 code=0x0 [ 1157.838054][ T9] lo speed is unknown, defaulting to 1000 [ 1157.923911][T15463] 9pnet_fd: Insufficient options for proto=fd [ 1159.135914][T15469] sctp: [Deprecated]: syz.3.2550 (pid 15469) Use of int in maxseg socket option. [ 1159.135914][T15469] Use struct sctp_assoc_value instead [ 1159.159156][T15442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1159.223345][T15442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1159.308499][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.329759][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.344873][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.366888][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.377404][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.387671][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.441230][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.464144][T15469] FAULT_INJECTION: forcing a failure. [ 1159.464144][T15469] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1159.480303][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.500485][T15482] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2553'. [ 1159.513255][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.532487][ T9448] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0 [ 1159.599986][T15469] CPU: 1 UID: 0 PID: 15469 Comm: syz.3.2550 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1159.610777][T15469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1159.620826][T15469] Call Trace: [ 1159.624103][T15469] [ 1159.627033][T15469] dump_stack_lvl+0x241/0x360 [ 1159.631704][T15469] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1159.636895][T15469] ? __pfx__printk+0x10/0x10 [ 1159.641475][T15469] ? snprintf+0xda/0x120 [ 1159.645706][T15469] should_fail_ex+0x3b0/0x4e0 [ 1159.650368][T15469] _copy_to_user+0x2f/0xb0 [ 1159.654772][T15469] simple_read_from_buffer+0xca/0x150 [ 1159.660134][T15469] proc_fail_nth_read+0x1e9/0x250 [ 1159.665149][T15469] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1159.670684][T15469] ? rw_verify_area+0x520/0x6b0 [ 1159.675522][T15469] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1159.681052][T15469] vfs_read+0x204/0xbc0 [ 1159.685188][T15469] ? __pfx_lock_release+0x10/0x10 [ 1159.690199][T15469] ? __pfx_vfs_read+0x10/0x10 [ 1159.694859][T15469] ? __fget_files+0x29/0x470 [ 1159.699432][T15469] ? __fget_files+0x3f6/0x470 [ 1159.704100][T15469] ksys_read+0x1a0/0x2c0 [ 1159.708326][T15469] ? __pfx_ksys_read+0x10/0x10 [ 1159.713072][T15469] ? do_syscall_64+0x100/0x230 [ 1159.717840][T15469] ? do_syscall_64+0xb6/0x230 [ 1159.722526][T15469] do_syscall_64+0xf3/0x230 [ 1159.727017][T15469] ? clear_bhb_loop+0x35/0x90 [ 1159.731675][T15469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1159.737557][T15469] RIP: 0033:0x7f3e06d7643c [ 1159.741954][T15469] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1159.761546][T15469] RSP: 002b:00007f3e07b23040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1159.770119][T15469] RAX: ffffffffffffffda RBX: 00007f3e06f06058 RCX: 00007f3e06d7643c [ 1159.778073][T15469] RDX: 000000000000000f RSI: 00007f3e07b230b0 RDI: 000000000000000b [ 1159.786028][T15469] RBP: 00007f3e07b230a0 R08: 0000000000000000 R09: 0000000000000000 [ 1159.793982][T15469] R10: 0000000020000380 R11: 0000000000000246 R12: 0000000000000001 [ 1159.802018][T15469] R13: 000000000000006e R14: 00007f3e06f06058 R15: 00007ffd8c4b5018 [ 1159.809982][T15469] [ 1159.826387][ T9448] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0010/input/input22 [ 1159.850379][ T9448] microsoft 0003:045E:07DA.0010: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 1159.890698][ T9448] usb 2-1: USB disconnect, device number 42 [ 1160.258394][ T29] audit: type=1326 audit(1722811526.370:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15484 comm="syz.0.2556" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x0 [ 1161.865219][ T5493] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 1161.885946][T15511] lo speed is unknown, defaulting to 1000 [ 1162.086127][ T5493] usb 1-1: Using ep0 maxpacket: 8 [ 1162.105401][ T5493] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1162.128406][ T5493] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1162.206064][ T5493] usb 1-1: config 0 descriptor?? [ 1164.972909][ T5493] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1165.015509][ T5493] asix 1-1:0.0: probe with driver asix failed with error -71 [ 1165.048498][ T5493] usb 1-1: USB disconnect, device number 63 [ 1165.180578][T15525] 9pnet_fd: Insufficient options for proto=fd [ 1165.720714][ T5268] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1165.887519][T15511] lo speed is unknown, defaulting to 1000 [ 1166.002782][ T5268] usb 5-1: Using ep0 maxpacket: 32 [ 1166.026600][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 52, changing to 7 [ 1166.147048][ T5268] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 9272, setting to 1024 [ 1166.190223][ T5268] usb 5-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=cb.c8 [ 1166.214422][ T5268] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1166.267547][ T5268] usb 5-1: Product: syz [ 1166.302800][ T5268] usb 5-1: Manufacturer: syz [ 1166.310204][ T5268] usb 5-1: SerialNumber: syz [ 1166.349455][ T5268] usb 5-1: config 0 descriptor?? [ 1167.714837][T15546] lo speed is unknown, defaulting to 1000 [ 1167.857555][T15546] lo speed is unknown, defaulting to 1000 [ 1168.098692][ T5493] usb 5-1: USB disconnect, device number 62 [ 1169.152083][ T29] audit: type=1326 audit(1722811535.260:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15574 comm="syz.4.2578" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd135b779f9 code=0x0 [ 1169.889020][T15588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2581'. [ 1169.902060][T15588] syz0: rxe_newlink: already configured on lo [ 1169.909773][T15588] infiniband syz0: set active [ 1171.363040][ T943] lo speed is unknown, defaulting to 1000 [ 1172.084157][T15605] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2584'. [ 1172.120361][T15605] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2584'. [ 1172.464856][T15615] FAULT_INJECTION: forcing a failure. [ 1172.464856][T15615] name failslab, interval 1, probability 0, space 0, times 0 [ 1172.509197][T15615] CPU: 0 UID: 0 PID: 15615 Comm: syz.0.2588 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1172.520022][T15615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1172.530071][T15615] Call Trace: [ 1172.533338][T15615] [ 1172.536253][T15615] dump_stack_lvl+0x241/0x360 [ 1172.540923][T15615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1172.546107][T15615] ? __pfx__printk+0x10/0x10 [ 1172.550682][T15615] ? __kmalloc_noprof+0xb0/0x400 [ 1172.555603][T15615] ? __pfx___might_resched+0x10/0x10 [ 1172.560876][T15615] should_fail_ex+0x3b0/0x4e0 [ 1172.565543][T15615] ? sctp_auth_asoc_create_secret+0xba/0xa80 [ 1172.571506][T15615] should_failslab+0xac/0x100 [ 1172.576166][T15615] ? sctp_auth_asoc_create_secret+0xba/0xa80 [ 1172.582127][T15615] __kmalloc_noprof+0xd8/0x400 [ 1172.586878][T15615] sctp_auth_asoc_create_secret+0xba/0xa80 [ 1172.592673][T15615] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1172.598988][T15615] sctp_auth_asoc_init_active_key+0x160/0x730 [ 1172.605041][T15615] ? sctp_setsockopt+0x203/0x11c0 [ 1172.610050][T15615] sctp_auth_set_active_key+0x1cf/0x310 [ 1172.615608][T15615] sctp_setsockopt+0x721/0x11c0 [ 1172.620457][T15615] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 1172.626341][T15615] do_sock_setsockopt+0x3af/0x720 [ 1172.631354][T15615] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 1172.636884][T15615] ? __fget_files+0x29/0x470 [ 1172.641457][T15615] ? __fget_files+0x3f6/0x470 [ 1172.646122][T15615] __sys_setsockopt+0x1ae/0x250 [ 1172.650956][T15615] __x64_sys_setsockopt+0xb5/0xd0 [ 1172.655963][T15615] do_syscall_64+0xf3/0x230 [ 1172.660450][T15615] ? clear_bhb_loop+0x35/0x90 [ 1172.665113][T15615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.670995][T15615] RIP: 0033:0x7fd99bb779f9 [ 1172.675394][T15615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1172.694983][T15615] RSP: 002b:00007fd99ca2d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1172.703379][T15615] RAX: ffffffffffffffda RBX: 00007fd99bd05f80 RCX: 00007fd99bb779f9 [ 1172.711329][T15615] RDX: 0000000000000018 RSI: 0000000000000084 RDI: 0000000000000003 [ 1172.719285][T15615] RBP: 00007fd99ca2d0a0 R08: 0000000000000008 R09: 0000000000000000 [ 1172.727245][T15615] R10: 0000000020000340 R11: 0000000000000246 R12: 0000000000000001 [ 1172.735208][T15615] R13: 000000000000000b R14: 00007fd99bd05f80 R15: 00007ffe3749f858 [ 1172.743174][T15615] [ 1173.327470][ T29] audit: type=1326 audit(1722811539.440:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15628 comm="syz.4.2595" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd135b779f9 code=0x0 [ 1173.422782][ T9] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 1173.594545][ T943] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1173.632887][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 1173.661626][ T9] usb 1-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1173.833207][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1173.917321][ T9] usb 1-1: Product: syz [ 1173.935750][ T943] usb 3-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5 [ 1173.951891][ T9] usb 1-1: Manufacturer: syz [ 1173.964933][ T9] usb 1-1: SerialNumber: syz [ 1173.974563][ T943] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1174.063209][ T9] usb 1-1: config 0 descriptor?? [ 1174.082035][ T943] usb 3-1: config 0 descriptor?? [ 1174.090152][ T9] usb-storage 1-1:0.0: USB Mass Storage device detected [ 1174.174364][T15643] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1174.493121][T11750] Bluetooth: hci8: command 0x0405 tx timeout [ 1174.525748][ T943] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1174.540795][ T943] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 1174.558920][ T943] asix 3-1:0.0: probe with driver asix failed with error -71 [ 1174.605351][ T943] usb 3-1: USB disconnect, device number 77 [ 1174.807798][T15652] xt_limit: Overflow, try lower: 4294967295/4294966784 [ 1174.821397][ T9] usb 1-1: USB disconnect, device number 64 [ 1176.670876][T15671] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2605'. [ 1177.459824][T15685] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1177.544360][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.550696][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.530205][T15698] No control pipe specified [ 1178.907543][T15689] netlink: 'syz.2.2611': attribute type 3 has an invalid length. [ 1178.916208][T15689] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2611'. [ 1178.989655][T15704] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2614'. [ 1179.072773][ T47] usb 4-1: new full-speed USB device number 57 using dummy_hcd [ 1179.232871][ T9] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 1179.314027][ T47] usb 4-1: config 0 has an invalid interface number: 179 but max is 0 [ 1179.322412][ T47] usb 4-1: config 0 has no interface number 0 [ 1179.433105][ T47] usb 4-1: config 0 interface 179 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1179.448501][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1179.498721][ T9] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 1179.522783][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1179.529999][ T47] usb 4-1: New USB device found, idVendor=19d2, idProduct=1021, bcdDevice=ec.0d [ 1179.543978][ T9] usb 1-1: Product: syz [ 1179.567427][ T9] usb 1-1: Manufacturer: syz [ 1179.571854][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1179.580571][ T9] usb 1-1: SerialNumber: syz [ 1179.600240][ T9] usb 1-1: config 0 descriptor?? [ 1179.620733][ T9] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1179.639002][ T47] usb 4-1: Product: syz [ 1179.672118][ T47] usb 4-1: Manufacturer: syz [ 1179.682984][ T47] usb 4-1: SerialNumber: syz [ 1179.741189][ T47] usb 4-1: config 0 descriptor?? [ 1179.922311][ T9] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1179.926789][ T47] option 4-1:0.179: GSM modem (1-port) converter detected [ 1180.241251][T15726] 9pnet_virtio: no channels available for device 127.0.0.1 [ 1180.318163][ T9] usb 1-1: USB disconnect, device number 65 [ 1180.992874][ T943] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1181.205193][ T943] usb 3-1: device descriptor read/64, error -71 [ 1181.273761][T12220] usb 4-1: USB disconnect, device number 57 [ 1181.294464][T12220] option 4-1:0.179: device disconnected [ 1181.461811][T15745] netem: incorrect ge model size [ 1181.469377][T15745] netem: change failed [ 1181.542723][ T943] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1181.712941][ T943] usb 3-1: device descriptor read/64, error -71 [ 1181.855040][ T943] usb usb3-port1: attempt power cycle [ 1182.293775][ T943] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1182.353341][ T943] usb 3-1: device descriptor read/8, error -71 [ 1182.665291][ T943] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1182.735617][ T943] usb 3-1: device descriptor read/8, error -71 [ 1182.863134][ T943] usb usb3-port1: unable to enumerate USB device [ 1183.448403][T15775] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2637'. [ 1183.477837][T15775] rdma_rxe: rxe_newlink: failed to add lo [ 1184.067398][ T5268] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1184.362698][ T5268] usb 5-1: device descriptor read/64, error -71 [ 1184.605538][T15784] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2641'. [ 1184.618513][T15784] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1184.759953][T12220] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 1184.965156][ T5268] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1185.762732][T12220] usb 2-1: Using ep0 maxpacket: 8 [ 1185.783201][T12220] usb 2-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1185.807800][T12220] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1185.839128][T12220] usb 2-1: Product: syz [ 1185.843434][T12220] usb 2-1: Manufacturer: syz [ 1185.848042][T12220] usb 2-1: SerialNumber: syz [ 1185.862754][ T5268] usb 5-1: device descriptor read/64, error -71 [ 1185.869074][T12220] usb 2-1: config 0 descriptor?? [ 1185.902312][T12220] usb-storage 2-1:0.0: USB Mass Storage device detected [ 1186.083128][ T5268] usb usb5-port1: attempt power cycle [ 1186.323388][ T29] audit: type=1326 audit(1722811552.400:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15796 comm="syz.0.2644" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd99bb779f9 code=0x0 [ 1186.499410][ T47] usb 2-1: USB disconnect, device number 43 [ 1186.652902][T15807] vivid-004: ================= START STATUS ================= [ 1186.661281][T15807] vivid-004: Radio HW Seek Mode: Bounded [ 1186.668937][T15807] vivid-004: Radio Programmable HW Seek: false [ 1186.675404][T15807] vivid-004: RDS Rx I/O Mode: Block I/O [ 1186.681093][T15807] vivid-004: Generate RBDS Instead of RDS: false [ 1186.687657][T15807] vivid-004: RDS Reception: true [ 1186.692809][T15807] vivid-004: RDS Program Type: 0 inactive [ 1186.698703][T15807] vivid-004: RDS PS Name: inactive [ 1186.704116][T15807] vivid-004: RDS Radio Text: inactive [ 1186.709743][T15807] vivid-004: RDS Traffic Announcement: false inactive [ 1186.716732][T15807] vivid-004: RDS Traffic Program: false inactive [ 1186.723288][T15807] vivid-004: RDS Music: false inactive [ 1186.728904][T15807] vivid-004: ================== END STATUS ================== [ 1188.561787][T15834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2653'. [ 1188.579322][T15834] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1189.248717][T15844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2654'. [ 1189.277622][T15844] rdma_rxe: rxe_newlink: failed to add lo [ 1192.334889][ T29] audit: type=1326 audit(1722811558.450:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=15870 comm="syz.2.2663" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff487f779f9 code=0x0 [ 1192.518895][T15882] FAULT_INJECTION: forcing a failure. [ 1192.518895][T15882] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1192.555336][T15882] CPU: 0 UID: 0 PID: 15882 Comm: syz.1.2666 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1192.566219][T15882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1192.576355][T15882] Call Trace: [ 1192.579638][T15882] [ 1192.582609][T15882] dump_stack_lvl+0x241/0x360 [ 1192.587334][T15882] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1192.592528][T15882] ? __pfx__printk+0x10/0x10 [ 1192.597114][T15882] ? snprintf+0xda/0x120 [ 1192.601341][T15882] should_fail_ex+0x3b0/0x4e0 [ 1192.606014][T15882] _copy_to_user+0x2f/0xb0 [ 1192.610421][T15882] simple_read_from_buffer+0xca/0x150 [ 1192.615785][T15882] proc_fail_nth_read+0x1e9/0x250 [ 1192.620798][T15882] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1192.626338][T15882] ? rw_verify_area+0x520/0x6b0 [ 1192.631176][T15882] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1192.636708][T15882] vfs_read+0x204/0xbc0 [ 1192.640844][T15882] ? __pfx_lock_release+0x10/0x10 [ 1192.645857][T15882] ? __pfx_vfs_read+0x10/0x10 [ 1192.650528][T15882] ? __fget_files+0x29/0x470 [ 1192.655110][T15882] ? __fget_files+0x3f6/0x470 [ 1192.659786][T15882] ksys_read+0x1a0/0x2c0 [ 1192.664015][T15882] ? __pfx_ksys_read+0x10/0x10 [ 1192.668760][T15882] ? do_syscall_64+0x100/0x230 [ 1192.673514][T15882] ? do_syscall_64+0xb6/0x230 [ 1192.678178][T15882] do_syscall_64+0xf3/0x230 [ 1192.682669][T15882] ? clear_bhb_loop+0x35/0x90 [ 1192.687331][T15882] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1192.693231][T15882] RIP: 0033:0x7ff332f7643c [ 1192.697641][T15882] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1192.717230][T15882] RSP: 002b:00007ff333c95040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1192.725715][T15882] RAX: ffffffffffffffda RBX: 00007ff333105f80 RCX: 00007ff332f7643c [ 1192.733670][T15882] RDX: 000000000000000f RSI: 00007ff333c950b0 RDI: 0000000000000004 [ 1192.741622][T15882] RBP: 00007ff333c950a0 R08: 0000000000000000 R09: 0000000000000000 [ 1192.749572][T15882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1192.757525][T15882] R13: 000000000000000b R14: 00007ff333105f80 R15: 00007fff0805bd78 [ 1192.765489][T15882] [ 1194.300643][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1195.070337][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1195.078545][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1195.086750][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1195.104840][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1195.373122][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1196.160848][T15905] trusted_key: encrypted_key: insufficient parameters specified [ 1196.208866][T15919] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1196.226281][T15919] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1196.304319][T15904] trusted_key: encrypted_key: insufficient parameters specified [ 1196.790741][T15933] rdma_rxe: rxe_newlink: failed to add lo [ 1201.753396][T15943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2683'. [ 1201.776385][T15943] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1202.003088][T15943] x_tables: unsorted underflow at hook 2 [ 1203.465959][T15964] 9pnet_fd: Insufficient options for proto=fd [ 1203.839810][T15963] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2688'. [ 1204.299474][T15980] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2693'. [ 1204.321749][T15980] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1204.810432][ T5236] block nbd0: Receive control failed (result -32) [ 1204.826421][T15974] block nbd0: shutting down sockets [ 1208.706240][T11750] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 1208.721071][T11750] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 1208.730343][T16007] syz0: rxe_newlink: already configured on lo [ 1208.736947][T11750] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 1208.748368][T11750] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 1208.756124][T11750] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 1208.764383][T11750] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 1209.206050][T16010] lo speed is unknown, defaulting to 1000 [ 1209.545151][T16028] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2705'. [ 1210.914527][ T5236] Bluetooth: hci11: command tx timeout [ 1211.600467][T16038] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2709'. [ 1211.610087][T16038] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1211.631136][T16041] 9pnet_fd: Insufficient options for proto=fd [ 1211.681043][T16010] lo speed is unknown, defaulting to 1000 [ 1212.443709][T16028] rdma_rxe: rxe_newlink: failed to add lo [ 1213.343150][ T5236] Bluetooth: hci11: command tx timeout [ 1213.828127][T16055] rdma_rxe: rxe_newlink: failed to add lo [ 1214.134817][ T5522] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1214.369534][T16054] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2711'. [ 1219.029109][T11750] Bluetooth: hci11: command tx timeout [ 1219.318569][ T5522] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1219.392213][ T5522] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1219.499870][T16010] chnl_net:caif_netlink_parms(): no params data found [ 1219.514470][T16067] FAULT_INJECTION: forcing a failure. [ 1219.514470][T16067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1219.594003][T16067] CPU: 0 UID: 0 PID: 16067 Comm: syz.4.2716 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1219.604820][T16067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1219.614890][T16067] Call Trace: [ 1219.618165][T16067] [ 1219.621091][T16067] dump_stack_lvl+0x241/0x360 [ 1219.625765][T16067] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1219.630947][T16067] ? __pfx__printk+0x10/0x10 [ 1219.635525][T16067] should_fail_ex+0x3b0/0x4e0 [ 1219.640185][T16067] _copy_from_user+0x2f/0xe0 [ 1219.644759][T16067] bpf_test_init+0x11f/0x180 [ 1219.649334][T16067] bpf_prog_test_run_xdp+0x48e/0x11b0 [ 1219.654693][T16067] ? __pfx_lock_acquire+0x10/0x10 [ 1219.659702][T16067] ? __pfx_lock_release+0x10/0x10 [ 1219.664715][T16067] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1219.670505][T16067] ? __fget_files+0x29/0x470 [ 1219.675079][T16067] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 1219.680869][T16067] bpf_prog_test_run+0x33a/0x3b0 [ 1219.685795][T16067] __sys_bpf+0x48d/0x810 [ 1219.690039][T16067] ? __pfx___sys_bpf+0x10/0x10 [ 1219.694819][T16067] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1219.700790][T16067] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1219.707108][T16067] ? do_syscall_64+0x100/0x230 [ 1219.711862][T16067] __x64_sys_bpf+0x7c/0x90 [ 1219.716262][T16067] do_syscall_64+0xf3/0x230 [ 1219.720754][T16067] ? clear_bhb_loop+0x35/0x90 [ 1219.725426][T16067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1219.731310][T16067] RIP: 0033:0x7fd135b779f9 [ 1219.735714][T16067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1219.755301][T16067] RSP: 002b:00007fd13688a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1219.763783][T16067] RAX: ffffffffffffffda RBX: 00007fd135d05f80 RCX: 00007fd135b779f9 [ 1219.771733][T16067] RDX: 0000000000000050 RSI: 0000000020000600 RDI: 000000000000000a [ 1219.779682][T16067] RBP: 00007fd13688a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1219.787718][T16067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1219.795666][T16067] R13: 000000000000000b R14: 00007fd135d05f80 R15: 00007ffe5d52cde8 [ 1219.803627][T16067] [ 1219.806741][ C0] vkms_vblank_simulate: vblank timer overrun [ 1219.931243][T16070] No control pipe specified [ 1220.315805][ T5522] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1220.372869][T13273] usb 3-1: new full-speed USB device number 82 using dummy_hcd [ 1221.402974][T11750] Bluetooth: hci11: command tx timeout [ 1221.438437][T13273] usb 3-1: config 0 has an invalid interface number: 179 but max is 0 [ 1221.477569][T13273] usb 3-1: config 0 has no interface number 0 [ 1221.503508][T13273] usb 3-1: config 0 interface 179 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1221.527909][T13273] usb 3-1: New USB device found, idVendor=19d2, idProduct=1021, bcdDevice=ec.0d [ 1221.547943][T13273] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1221.562673][T13273] usb 3-1: Product: syz [ 1221.609701][T13273] usb 3-1: Manufacturer: syz [ 1221.633696][T13273] usb 3-1: SerialNumber: syz [ 1221.684648][T13273] usb 3-1: config 0 descriptor?? [ 1221.730504][T13273] option 3-1:0.179: GSM modem (1-port) converter detected [ 1221.760831][T16010] bridge0: port 1(bridge_slave_0) entered blocking state [ 1221.792570][T16010] bridge0: port 1(bridge_slave_0) entered disabled state [ 1221.831089][T16010] bridge_slave_0: entered allmulticast mode [ 1221.843962][T16010] bridge_slave_0: entered promiscuous mode [ 1221.866655][T16010] bridge0: port 2(bridge_slave_1) entered blocking state [ 1221.900803][T16010] bridge0: port 2(bridge_slave_1) entered disabled state [ 1221.922202][T16010] bridge_slave_1: entered allmulticast mode [ 1221.945472][T16010] bridge_slave_1: entered promiscuous mode [ 1221.953000][ T5267] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1222.142737][ T5267] usb 5-1: Using ep0 maxpacket: 8 [ 1222.154906][ T5267] usb 5-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1222.175324][ T5267] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1222.206638][ T5267] usb 5-1: Product: syz [ 1222.229516][ T5267] usb 5-1: Manufacturer: syz [ 1222.235470][ T5267] usb 5-1: SerialNumber: syz [ 1222.263552][ T5267] usb 5-1: config 0 descriptor?? [ 1222.285279][ T5267] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1222.331376][T16010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1222.401305][T16010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1222.446028][ T5236] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1222.456766][ T5236] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1222.464728][ T5236] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1222.473273][ T5236] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1222.480975][ T5236] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1222.491687][ T5236] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1222.974003][ T5493] usb 3-1: USB disconnect, device number 82 [ 1222.982054][ T5493] option 3-1:0.179: device disconnected [ 1223.110226][ T5232] usb 5-1: USB disconnect, device number 66 [ 1223.141925][T16010] team0: Port device team_slave_0 added [ 1223.164111][T16010] team0: Port device team_slave_1 added [ 1223.197581][T16090] lo speed is unknown, defaulting to 1000 [ 1223.336837][T16010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1223.363684][T16010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1223.390502][ C0] vkms_vblank_simulate: vblank timer overrun [ 1224.595119][T13273] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1229.101525][ T5236] Bluetooth: hci5: command tx timeout [ 1229.124160][T16010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1229.224819][ T5522] bridge_slave_1: left allmulticast mode [ 1229.233050][T13273] usb 2-1: Using ep0 maxpacket: 32 [ 1229.240558][ T5522] bridge_slave_1: left promiscuous mode [ 1229.256022][T13273] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 1229.264740][T13273] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1229.277860][T13273] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1229.313297][T13273] usb 2-1: config 1 has no interface number 0 [ 1229.319577][T13273] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1229.322854][ T5522] bridge0: port 2(bridge_slave_1) entered disabled state [ 1229.330630][T13273] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1229.350621][T13273] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 1229.379011][T13273] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1229.418095][T13273] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1229.480712][ T5522] bridge_slave_0: left allmulticast mode [ 1229.518784][ T5522] bridge_slave_0: left promiscuous mode [ 1229.543486][ T5522] bridge0: port 1(bridge_slave_0) entered disabled state [ 1231.142885][ T5236] Bluetooth: hci5: command tx timeout [ 1231.304519][ T5522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1231.325918][ T5522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1231.344833][ T5522] bond0 (unregistering): Released all slaves [ 1231.448667][T13273] usb 2-1: can't set config #1, error -71 [ 1231.458657][T16090] lo speed is unknown, defaulting to 1000 [ 1231.470230][T16010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1231.485231][T13273] usb 2-1: USB disconnect, device number 44 [ 1231.522717][T16010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1231.624082][T16010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1231.662284][T16111] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2725'. [ 1231.743668][T16111] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1231.857617][T16118] rdma_rxe: rxe_newlink: failed to add lo [ 1233.213263][ T5236] Bluetooth: hci5: command tx timeout [ 1233.233649][T16010] hsr_slave_0: entered promiscuous mode [ 1233.309172][T16010] hsr_slave_1: entered promiscuous mode [ 1233.388292][T16010] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1233.442961][T16010] Cannot create hsr debugfs directory [ 1233.562081][T16133] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2731'. [ 1233.583308][T16133] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1233.827115][T16142] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2733'. [ 1233.845572][T16142] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2733'. [ 1235.302423][ T5236] Bluetooth: hci5: command tx timeout [ 1235.548979][ T5522] hsr_slave_0: left promiscuous mode [ 1235.565392][ T5522] hsr_slave_1: left promiscuous mode [ 1235.582567][ T5522] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1235.597359][ T5522] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1235.614123][ T5522] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1235.630431][ T5522] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1235.691656][ T5522] veth1_macvtap: left promiscuous mode [ 1235.713221][ T5522] veth0_macvtap: left promiscuous mode [ 1235.718866][ T5522] veth1_vlan: left promiscuous mode [ 1235.725420][ T5522] veth0_vlan: left promiscuous mode [ 1236.601314][T16174] ebt_among: dst integrity fail: 200 [ 1237.486971][ T5522] team0 (unregistering): Port device team_slave_1 removed [ 1237.606384][ T5522] team0 (unregistering): Port device team_slave_0 removed [ 1239.054512][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.061128][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 1240.748258][T16166] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 1240.928037][T16090] chnl_net:caif_netlink_parms(): no params data found [ 1241.326220][T16090] bridge0: port 1(bridge_slave_0) entered blocking state [ 1242.183679][T16090] bridge0: port 1(bridge_slave_0) entered disabled state [ 1242.213281][T16090] bridge_slave_0: entered allmulticast mode [ 1242.365252][T16090] bridge_slave_0: entered promiscuous mode [ 1242.412062][T16090] bridge0: port 2(bridge_slave_1) entered blocking state [ 1242.441468][T16090] bridge0: port 2(bridge_slave_1) entered disabled state [ 1242.467794][T16090] bridge_slave_1: entered allmulticast mode [ 1242.490166][T16090] bridge_slave_1: entered promiscuous mode [ 1242.922829][T16228] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2757'. [ 1242.933146][T16228] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1243.103602][T16234] rdma_rxe: rxe_newlink: failed to add lo [ 1243.656745][T16090] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1243.706613][T16090] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1243.746881][T16233] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2758'. [ 1243.778967][T16010] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1243.891390][T16010] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1243.911261][T16010] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1244.029255][ T5522] IPVS: stop unused estimator thread 0... [ 1244.255091][T16010] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1245.162323][T16243] syz.1.2762: attempt to access beyond end of device [ 1245.162323][T16243] nbd1: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1245.262705][ T943] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1245.275341][T16090] team0: Port device team_slave_0 added [ 1245.398598][T16090] team0: Port device team_slave_1 added [ 1245.482957][ T943] usb 5-1: Using ep0 maxpacket: 8 [ 1245.503270][ T943] usb 5-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1245.543722][ T943] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1245.563290][T16257] syz.2.2764: attempt to access beyond end of device [ 1245.563290][T16257] nbd2: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1245.584838][ T943] usb 5-1: Product: syz [ 1245.600859][ T943] usb 5-1: Manufacturer: syz [ 1245.632399][ T943] usb 5-1: SerialNumber: syz [ 1245.648211][ T943] usb 5-1: config 0 descriptor?? [ 1245.667844][ T943] usb-storage 5-1:0.0: USB Mass Storage device detected [ 1245.885475][ T5522] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1246.080706][T16090] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1246.094389][T16090] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1246.175311][T16090] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1246.217811][T16090] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1246.270291][T16090] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1246.328731][ T5267] usb 5-1: USB disconnect, device number 67 [ 1246.391973][T16090] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1246.650175][ T5522] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1246.667224][T16269] netlink: 'syz.1.2765': attribute type 3 has an invalid length. [ 1246.963909][ T5522] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1247.104464][ T5522] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1247.586606][T16281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2769'. [ 1247.605696][T16281] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1247.620999][T16090] hsr_slave_0: entered promiscuous mode [ 1247.655757][T16090] hsr_slave_1: entered promiscuous mode [ 1247.720237][T16090] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1247.746326][T16090] Cannot create hsr debugfs directory [ 1247.903151][T16010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1248.760796][T16010] 8021q: adding VLAN 0 to HW filter on device team0 [ 1249.120680][ T5522] team0: left allmulticast mode [ 1249.152214][ T5522] team_slave_0: left allmulticast mode [ 1249.168947][ T5522] team_slave_1: left allmulticast mode [ 1249.181885][ T5522] team0: left promiscuous mode [ 1249.192188][ T5522] team_slave_0: left promiscuous mode [ 1249.200650][ T5522] team_slave_1: left promiscuous mode [ 1249.243498][ T5522] bridge0: port 3(team0) entered disabled state [ 1249.294109][ T5522] bridge_slave_1: left allmulticast mode [ 1249.301303][ T5522] bridge_slave_1: left promiscuous mode [ 1249.319537][ T5522] bridge0: port 2(bridge_slave_1) entered disabled state [ 1249.335652][ T5522] bridge_slave_0: left allmulticast mode [ 1249.347518][ T5522] bridge_slave_0: left promiscuous mode [ 1249.378541][ T5522] bridge0: port 1(bridge_slave_0) entered disabled state [ 1249.683045][T16293] syz.4.2773: attempt to access beyond end of device [ 1249.683045][T16293] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1252.028947][ T5522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1252.087624][ T5522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1252.136849][ T5522] bond0 (unregistering): Released all slaves [ 1252.198204][ T9448] bridge0: port 1(bridge_slave_0) entered blocking state [ 1252.207124][ T9448] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1252.512556][T16326] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2779'. [ 1252.524979][T16326] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1252.753334][T16333] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 1253.636817][T13273] bridge0: port 2(bridge_slave_1) entered blocking state [ 1253.643958][T13273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1255.873249][T16353] syz.4.2788: attempt to access beyond end of device [ 1255.873249][T16353] nbd4: rw=4096, sector=0, nr_sectors = 1 limit=0 [ 1256.178136][ T5269] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1256.413152][ T5269] usb 3-1: Using ep0 maxpacket: 8 [ 1256.457390][ T5269] usb 3-1: New USB device found, idVendor=04e6, idProduct=000a, bcdDevice= 2.00 [ 1256.544449][ T5269] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1256.562868][ T5269] usb 3-1: Product: syz [ 1256.585236][ T5269] usb 3-1: Manufacturer: syz [ 1256.629744][ T5269] usb 3-1: SerialNumber: syz [ 1256.732237][ T5269] usb 3-1: config 0 descriptor?? [ 1256.763572][T16010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1256.821117][ T5522] hsr_slave_0: left promiscuous mode [ 1256.842111][ T5522] hsr_slave_1: left promiscuous mode [ 1256.850556][ T5522] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1256.873805][ T5522] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1256.891557][ T5522] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1256.921250][ T5522] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1256.968917][ T5522] veth1_macvtap: left promiscuous mode [ 1256.985540][ T5522] veth0_macvtap: left promiscuous mode [ 1257.005781][ T5522] veth1_vlan: left promiscuous mode [ 1257.020590][ T5522] veth0_vlan: left promiscuous mode [ 1257.061018][ T5269] usb-storage 3-1:0.0: USB Mass Storage device detected [ 1257.269581][ T5522] infiniband syz0: set down [ 1257.500379][ T5269] usb 3-1: USB disconnect, device number 83 [ 1258.317485][ T29] audit: type=1326 audit(1722811624.430:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16383 comm="syz.2.2792" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff487f779f9 code=0x0 [ 1258.387375][ T5522] team0 (unregistering): Port device team_slave_1 removed [ 1258.486856][ T5522] team0 (unregistering): Port device team_slave_0 removed [ 1259.409267][ T62] smc: removing ib device syz0 [ 1259.488094][T16392] No control pipe specified [ 1260.231683][T13273] lo speed is unknown, defaulting to 1000 [ 1260.586820][T16090] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1261.613479][T16090] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1261.732362][T16090] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1261.909015][T16010] veth0_vlan: entered promiscuous mode [ 1261.968818][T16090] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1262.196269][T16410] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2799'. [ 1262.392405][T16010] veth1_vlan: entered promiscuous mode [ 1263.366926][T16010] veth0_macvtap: entered promiscuous mode [ 1263.383960][T16420] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 1263.426182][T16010] veth1_macvtap: entered promiscuous mode [ 1263.469470][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.494105][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.511910][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.571887][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.603303][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.675340][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.729564][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.752435][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.786864][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.817885][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.883259][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1263.929612][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1263.971378][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1264.020968][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.051439][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1264.106416][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.116361][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1264.128673][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.138815][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1264.149364][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.221600][T16010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1264.239399][ T5493] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1264.297423][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1264.349297][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.403001][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1264.447573][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.453197][ T5493] usb 5-1: config 0 has an invalid interface number: 125 but max is 0 [ 1264.525926][ T5493] usb 5-1: config 0 has no interface number 0 [ 1264.526683][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1264.532322][ T5493] usb 5-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 1264.623033][ T5493] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1264.668898][ T5493] usb 5-1: config 0 descriptor?? [ 1264.695727][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.713611][ T5493] ftdi_sio 5-1:0.125: FTDI USB Serial Device converter detected [ 1264.742433][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1264.771473][ T5493] ftdi_sio ttyUSB0: unknown device type: 0x9433 [ 1264.839826][T16436] rdma_rxe: rxe_newlink: failed to add lo [ 1264.915981][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1264.959461][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.027931][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.062086][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.097993][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.139020][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.157689][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.192539][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.242091][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.281611][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.305673][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.346109][T16010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1265.388900][T16010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1265.483723][T16010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1265.648260][T16090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1265.859703][T16010] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.890085][T16010] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.903285][T16010] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1265.935172][T16010] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.001993][T16090] 8021q: adding VLAN 0 to HW filter on device team0 [ 1266.112288][T13273] bridge0: port 1(bridge_slave_0) entered blocking state [ 1266.119444][T13273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1266.178649][T13273] bridge0: port 2(bridge_slave_1) entered blocking state [ 1266.185914][T13273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1266.474720][ T9250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1266.521906][ T9250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1266.626994][T16090] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1266.749000][T16449] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.2806'. [ 1266.792094][ T2921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1266.828019][T16451] fuse: Unknown parameter '0000000000000000000000401777777777777777777777' [ 1266.837771][ T2921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1267.169408][ T5269] usb 5-1: USB disconnect, device number 68 [ 1267.220078][ T5269] ftdi_sio 5-1:0.125: device disconnected [ 1267.424283][T16090] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1267.549748][T16468] cgroup: noprefix used incorrectly [ 1267.594164][T16090] veth0_vlan: entered promiscuous mode [ 1267.675615][T16471] rdma_rxe: rxe_newlink: failed to add lo [ 1267.746403][T16090] veth1_vlan: entered promiscuous mode [ 1267.868222][T16090] veth0_macvtap: entered promiscuous mode [ 1267.966290][T16473] can0: slcan on ttyS3. [ 1267.969250][T16090] veth1_macvtap: entered promiscuous mode [ 1268.094892][T16475] can0 (unregistered): slcan off ttyS3. [ 1268.170014][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1268.250128][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1268.289894][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1268.486872][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.230986][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.287672][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.317172][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.363995][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.384613][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.397227][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.412507][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.431553][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.446175][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.470629][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.484858][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.527856][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.563998][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.605749][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.651907][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.682149][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.704234][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1270.720654][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.742129][T16090] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1270.881396][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1270.901924][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1270.939557][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.009778][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.181884][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1271.200918][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1271.986211][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.019919][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.062765][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.082782][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.171967][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.213033][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.265948][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.326911][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.378108][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.406640][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.422257][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.442994][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.467649][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.492464][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.514663][T16090] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1272.539929][T16090] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1272.573802][T16090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1272.600561][T16492] lo speed is unknown, defaulting to 1000 [ 1272.630439][T16492] lo speed is unknown, defaulting to 1000 [ 1272.637007][T16492] lo speed is unknown, defaulting to 1000 [ 1272.718157][T16492] infiniband syz0: set active [ 1272.722920][T16492] infiniband syz0: added lo [ 1272.727742][T16492] syz0: rxe_create_cq: returned err = -12 [ 1272.733540][T16492] infiniband syz0: Couldn't create ib_mad CQ [ 1272.739579][T16492] infiniband syz0: Couldn't open port 1 [ 1272.773596][T16492] RDS/IB: syz0: added [ 1272.777611][T16492] smc: adding ib device syz0 with port count 1 [ 1272.783796][T16492] smc: ib device syz0 port 1 has pnetid [ 1272.859365][ T5270] lo speed is unknown, defaulting to 1000 [ 1272.871759][T16492] lo speed is unknown, defaulting to 1000 [ 1272.956161][T16492] lo speed is unknown, defaulting to 1000 [ 1273.042413][T16492] lo speed is unknown, defaulting to 1000 [ 1273.126773][T16492] lo speed is unknown, defaulting to 1000 [ 1273.212515][T16492] lo speed is unknown, defaulting to 1000 [ 1273.296015][T16492] lo speed is unknown, defaulting to 1000 [ 1273.377598][T16492] lo speed is unknown, defaulting to 1000 [ 1273.460653][T16492] lo speed is unknown, defaulting to 1000 [ 1273.544445][T16492] lo speed is unknown, defaulting to 1000 [ 1273.628003][T16492] lo speed is unknown, defaulting to 1000 [ 1273.711502][T16492] lo speed is unknown, defaulting to 1000 [ 1273.796052][T16492] lo speed is unknown, defaulting to 1000 [ 1273.938453][ T9448] lo speed is unknown, defaulting to 1000 [ 1273.955124][T16090] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1273.964311][T16090] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1273.973076][T16090] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1273.981775][T16090] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1274.418508][ T5521] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1274.434387][ T5521] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1274.466048][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1274.485067][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1274.505386][ T943] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1274.713884][ T943] usb 4-1: Using ep0 maxpacket: 16 [ 1274.741706][ T943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1274.751763][ T5270] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1274.781870][ T943] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 1274.797636][ T943] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1274.833149][ T943] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1274.895133][ T943] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 1274.913231][ T943] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1274.964856][ T5270] usb 5-1: config 0 has an invalid interface number: 125 but max is 0 [ 1274.983164][ T943] usb 4-1: Product: syz [ 1274.992435][ T5270] usb 5-1: config 0 has no interface number 0 [ 1274.999927][ T943] usb 4-1: Manufacturer: syz [ 1275.011029][ T943] usb 4-1: SerialNumber: syz [ 1275.014693][T16520] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2821'. [ 1275.026630][ T5270] usb 5-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 1275.038570][T16520] (unnamed net_device) (uninitialized): option lacp_active: invalid value (139) [ 1275.056163][ T5270] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1275.069161][ T943] usb 4-1: config 0 descriptor?? [ 1275.079104][ T943] port100 4-1:0.0: NFC: Could not get supported command types [ 1275.094695][ T5270] usb 5-1: config 0 descriptor?? [ 1275.107430][ T5270] ftdi_sio 5-1:0.125: FTDI USB Serial Device converter detected [ 1275.108335][ T5270] ftdi_sio ttyUSB0: unknown device type: 0x9433 [ 1275.344598][ T5267] usb 5-1: USB disconnect, device number 69 [ 1275.351104][ T5267] ftdi_sio 5-1:0.125: device disconnected [ 1275.409274][T16509] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1275.435834][ T29] audit: type=1326 audit(1722811641.550:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=16521 comm="syz.0.2823" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb4a33779f9 code=0x0 [ 1275.440188][T16509] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1275.536913][ T47] usb 4-1: USB disconnect, device number 58 [ 1276.802016][T11750] BUG: workqueue leaked atomic, lock or RCU: kworker/u9:1[11750] [ 1276.802016][T11750] preempt=0x00000000 lock=0->1 RCU=0->0 workfn=hci_rx_work [ 1276.818210][T11750] 1 lock held by kworker/u9:1/11750: [ 1276.823617][T11750] #0: ffff88807ae1a518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x7ce/0x10840 [ 1276.835744][T11750] CPU: 0 UID: 0 PID: 11750 Comm: kworker/u9:1 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1276.846669][T11750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1276.856712][T11750] Workqueue: hci5 hci_rx_work [ 1276.861654][T11750] Call Trace: [ 1276.864930][T11750] [ 1276.867858][T11750] dump_stack_lvl+0x241/0x360 [ 1276.872542][T11750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1276.877727][T11750] ? skb_dequeue+0x113/0x150 [ 1276.882328][T11750] process_scheduled_works+0x1121/0x1830 [ 1276.888002][T11750] ? __pfx_process_scheduled_works+0x10/0x10 [ 1276.894004][T11750] ? assign_work+0x364/0x3d0 [ 1276.898591][T11750] worker_thread+0x86d/0xd40 [ 1276.903180][T11750] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1276.909074][T11750] ? __kthread_parkme+0x169/0x1d0 [ 1276.914102][T11750] ? __pfx_worker_thread+0x10/0x10 [ 1276.919210][T11750] kthread+0x2f0/0x390 [ 1276.923273][T11750] ? __pfx_worker_thread+0x10/0x10 [ 1276.928373][T11750] ? __pfx_kthread+0x10/0x10 [ 1276.932950][T11750] ret_from_fork+0x4b/0x80 [ 1276.937354][T11750] ? __pfx_kthread+0x10/0x10 [ 1276.941930][T11750] ret_from_fork_asm+0x1a/0x30 [ 1276.946693][T11750] [ 1277.157165][T16535] lo speed is unknown, defaulting to 1000 [ 1277.163917][T16540] FAULT_INJECTION: forcing a failure. [ 1277.163917][T16540] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1277.211788][T16540] CPU: 0 UID: 0 PID: 16540 Comm: syz.3.2826 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1277.222550][T16540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1277.232587][T16540] Call Trace: [ 1277.235859][T16540] [ 1277.238771][T16540] dump_stack_lvl+0x241/0x360 [ 1277.243457][T16540] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1277.248646][T16540] ? __pfx__printk+0x10/0x10 [ 1277.253251][T16540] ? snprintf+0xda/0x120 [ 1277.257502][T16540] should_fail_ex+0x3b0/0x4e0 [ 1277.262174][T16540] _copy_to_user+0x2f/0xb0 [ 1277.266583][T16540] simple_read_from_buffer+0xca/0x150 [ 1277.271954][T16540] proc_fail_nth_read+0x1e9/0x250 [ 1277.276982][T16540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1277.282527][T16540] ? rw_verify_area+0x520/0x6b0 [ 1277.287371][T16540] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1277.292911][T16540] vfs_read+0x204/0xbc0 [ 1277.297052][T16540] ? __pfx_lock_release+0x10/0x10 [ 1277.302072][T16540] ? __pfx_vfs_read+0x10/0x10 [ 1277.306741][T16540] ? __fget_files+0x29/0x470 [ 1277.311322][T16540] ? __fget_files+0x3f6/0x470 [ 1277.315996][T16540] ksys_read+0x1a0/0x2c0 [ 1277.320231][T16540] ? __pfx_ksys_read+0x10/0x10 [ 1277.324983][T16540] ? do_syscall_64+0x100/0x230 [ 1277.329740][T16540] ? do_syscall_64+0xb6/0x230 [ 1277.334422][T16540] do_syscall_64+0xf3/0x230 [ 1277.338920][T16540] ? clear_bhb_loop+0x35/0x90 [ 1277.343587][T16540] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1277.349476][T16540] RIP: 0033:0x7fab6ed7643c [ 1277.353884][T16540] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 1277.373495][T16540] RSP: 002b:00007fab6fb1d040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1277.381922][T16540] RAX: ffffffffffffffda RBX: 00007fab6ef05f80 RCX: 00007fab6ed7643c [ 1277.389889][T16540] RDX: 000000000000000f RSI: 00007fab6fb1d0b0 RDI: 0000000000000004 [ 1277.397852][T16540] RBP: 00007fab6fb1d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 1277.405815][T16540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1277.413780][T16540] R13: 000000000000000b R14: 00007fab6ef05f80 R15: 00007ffdcf24bd58 [ 1277.421758][T16540] [ 1277.596077][T11750] [ 1277.598412][T11750] ====================================================== [ 1277.605403][T11750] WARNING: possible circular locking dependency detected [ 1277.612402][T11750] 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 Not tainted [ 1277.619481][T11750] ------------------------------------------------------ [ 1277.626472][T11750] kworker/u9:1/11750 is trying to acquire lock: [ 1277.632683][T11750] ffff88801fd29148 ((wq_completion)hci5#2){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830 [ 1277.643198][T11750] [ 1277.643198][T11750] but task is already holding lock: [ 1277.650553][T11750] ffff88807ae1a518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x7ce/0x10840 [ 1277.659876][T11750] [ 1277.659876][T11750] which lock already depends on the new lock. [ 1277.659876][T11750] [ 1277.670253][T11750] [ 1277.670253][T11750] the existing dependency chain (in reverse order) is: [ 1277.679240][T11750] [ 1277.679240][T11750] -> #1 (&chan->lock/1){+.+.}-{3:3}: [ 1277.686692][T11750] reacquire_held_locks+0x3eb/0x690 [ 1277.692388][T11750] lock_release+0x396/0xa30 [ 1277.697396][T11750] process_scheduled_works+0xb34/0x1830 [ 1277.703442][T11750] worker_thread+0x86d/0xd40 [ 1277.708528][T11750] kthread+0x2f0/0x390 [ 1277.713097][T11750] ret_from_fork+0x4b/0x80 [ 1277.718012][T11750] ret_from_fork_asm+0x1a/0x30 [ 1277.723275][T11750] [ 1277.723275][T11750] -> #0 ((wq_completion)hci5#2){+.+.}-{0:0}: [ 1277.731413][T11750] validate_chain+0x18e0/0x5900 [ 1277.736759][T11750] __lock_acquire+0x137a/0x2040 [ 1277.742107][T11750] lock_acquire+0x1ed/0x550 [ 1277.747106][T11750] process_scheduled_works+0x91f/0x1830 [ 1277.753151][T11750] worker_thread+0x86d/0xd40 [ 1277.758242][T11750] kthread+0x2f0/0x390 [ 1277.762811][T11750] ret_from_fork+0x4b/0x80 [ 1277.767726][T11750] ret_from_fork_asm+0x1a/0x30 [ 1277.772989][T11750] [ 1277.772989][T11750] other info that might help us debug this: [ 1277.772989][T11750] [ 1277.783198][T11750] Possible unsafe locking scenario: [ 1277.783198][T11750] [ 1277.790631][T11750] CPU0 CPU1 [ 1277.795973][T11750] ---- ---- [ 1277.801310][T11750] lock(&chan->lock/1); [ 1277.805533][T11750] lock((wq_completion)hci5#2); [ 1277.812969][T11750] lock(&chan->lock/1); [ 1277.819706][T11750] lock((wq_completion)hci5#2); [ 1277.824623][T11750] [ 1277.824623][T11750] *** DEADLOCK *** [ 1277.824623][T11750] [ 1277.832740][T11750] 1 lock held by kworker/u9:1/11750: [ 1277.837997][T11750] #0: ffff88807ae1a518 (&chan->lock/1){+.+.}-{3:3}, at: l2cap_recv_frame+0x7ce/0x10840 [ 1277.847726][T11750] [ 1277.847726][T11750] stack backtrace: [ 1277.853593][T11750] CPU: 0 UID: 0 PID: 11750 Comm: kworker/u9:1 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1277.864510][T11750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1277.874549][T11750] Workqueue: hci5 hci_conn_timeout [ 1277.879646][T11750] Call Trace: [ 1277.882906][T11750] [ 1277.885830][T11750] dump_stack_lvl+0x241/0x360 [ 1277.890514][T11750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1277.895701][T11750] ? print_circular_bug+0x130/0x1a0 [ 1277.900879][T11750] check_noncircular+0x36a/0x4a0 [ 1277.905798][T11750] ? __pfx_check_noncircular+0x10/0x10 [ 1277.911234][T11750] ? lockdep_lock+0x123/0x2b0 [ 1277.915893][T11750] ? validate_chain+0x11e/0x5900 [ 1277.920806][T11750] ? __pfx_validate_chain+0x10/0x10 [ 1277.925981][T11750] validate_chain+0x18e0/0x5900 [ 1277.930831][T11750] ? __pfx_validate_chain+0x10/0x10 [ 1277.936012][T11750] ? mark_lock+0x9a/0x350 [ 1277.940319][T11750] ? __lock_acquire+0x137a/0x2040 [ 1277.945329][T11750] ? mark_lock+0x9a/0x350 [ 1277.949636][T11750] ? debug_object_deactivate+0x2d5/0x390 [ 1277.955245][T11750] __lock_acquire+0x137a/0x2040 [ 1277.960081][T11750] lock_acquire+0x1ed/0x550 [ 1277.964562][T11750] ? process_scheduled_works+0x90a/0x1830 [ 1277.970261][T11750] ? __pfx_lock_acquire+0x10/0x10 [ 1277.975699][T11750] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1277.981665][T11750] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1277.987981][T11750] ? _raw_spin_unlock_irq+0x23/0x50 [ 1277.993177][T11750] process_scheduled_works+0x91f/0x1830 [ 1277.998701][T11750] ? process_scheduled_works+0x90a/0x1830 [ 1278.004403][T11750] ? __pfx_process_scheduled_works+0x10/0x10 [ 1278.010367][T11750] ? assign_work+0x364/0x3d0 [ 1278.014935][T11750] worker_thread+0x86d/0xd40 [ 1278.019505][T11750] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1278.025377][T11750] ? __kthread_parkme+0x169/0x1d0 [ 1278.030379][T11750] ? __pfx_worker_thread+0x10/0x10 [ 1278.035465][T11750] kthread+0x2f0/0x390 [ 1278.039516][T11750] ? __pfx_worker_thread+0x10/0x10 [ 1278.044618][T11750] ? __pfx_kthread+0x10/0x10 [ 1278.049199][T11750] ret_from_fork+0x4b/0x80 [ 1278.053601][T11750] ? __pfx_kthread+0x10/0x10 [ 1278.058180][T11750] ret_from_fork_asm+0x1a/0x30 [ 1278.062935][T11750] [ 1278.146784][T11750] BUG: workqueue leaked atomic, lock or RCU: kworker/u9:1[11750] [ 1278.146784][T11750] preempt=0x00000000 lock=1->0 RCU=0->0 workfn=hci_conn_timeout [ 1278.164735][T11750] INFO: lockdep is turned off. [ 1278.169709][T11750] CPU: 1 UID: 0 PID: 11750 Comm: kworker/u9:1 Not tainted 6.11.0-rc1-syzkaller-00334-ga5dbd76a8942 #0 [ 1278.180640][T11750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1278.190682][T11750] Workqueue: hci5 hci_conn_timeout [ 1278.195794][T11750] Call Trace: [ 1278.199078][T11750] [ 1278.202012][T11750] dump_stack_lvl+0x241/0x360 [ 1278.206710][T11750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1278.211923][T11750] ? __pfx__printk+0x10/0x10 [ 1278.216528][T11750] process_scheduled_works+0x1121/0x1830 [ 1278.222163][T11750] ? __pfx_process_scheduled_works+0x10/0x10 [ 1278.228133][T11750] ? assign_work+0x364/0x3d0 [ 1278.232710][T11750] worker_thread+0x86d/0xd40 [ 1278.237293][T11750] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1278.243173][T11750] ? __kthread_parkme+0x169/0x1d0 [ 1278.248188][T11750] ? __pfx_worker_thread+0x10/0x10 [ 1278.253287][T11750] kthread+0x2f0/0x390 [ 1278.257350][T11750] ? __pfx_worker_thread+0x10/0x10 [ 1278.262448][T11750] ? __pfx_kthread+0x10/0x10 [ 1278.267024][T11750] ret_from_fork+0x4b/0x80 [ 1278.271427][T11750] ? __pfx_kthread+0x10/0x10 [ 1278.276005][T11750] ret_from_fork_asm+0x1a/0x30 [ 1278.280768][T11750] [ 1278.318711][T16535] lo speed is unknown, defaulting to 1000 [ 1282.339345][ T2921] bridge_slave_1: left allmulticast mode [ 1282.347130][ T2921] bridge_slave_1: left promiscuous mode [ 1282.353610][ T2921] bridge0: port 2(bridge_slave_1) entered disabled state [ 1282.368235][ T2921] bridge_slave_0: left allmulticast mode [ 1282.374029][ T2921] bridge_slave_0: left promiscuous mode [ 1282.380137][ T2921] bridge0: port 1(bridge_slave_0) entered disabled state [ 1282.554732][ T2921] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1282.568263][ T2921] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1282.581021][ T2921] bond0 (unregistering): Released all slaves [ 1283.076061][ T2921] hsr_slave_0: left promiscuous mode [ 1283.086983][ T2921] hsr_slave_1: left promiscuous mode [ 1283.094012][ T2921] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1283.101888][ T2921] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1283.119439][ T2921] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1283.127544][ T2921] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1283.139912][ T2921] veth1_macvtap: left promiscuous mode [ 1283.146156][ T2921] veth0_macvtap: left promiscuous mode [ 1283.151917][ T2921] veth1_vlan: left promiscuous mode [ 1283.157550][ T2921] veth0_vlan: left promiscuous mode [ 1283.453243][ T2921] team0 (unregistering): Port device team_slave_1 removed [ 1283.491971][ T2921] team0 (unregistering): Port device team_slave_0 removed