last executing test programs: 8m57.184579694s ago: executing program 2 (id=5973): r0 = fsopen(&(0x7f0000000040)='configfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) fsmount(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000700)={{r1}, &(0x7f0000000680), &(0x7f00000006c0)='%+9llu \x00'}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000008c0)='sys_enter\x00', r2}, 0x10) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) 8m57.027937521s ago: executing program 2 (id=5974): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 
0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000380)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6064cdd800100000fe0000000000007bae020000c0bd0000000000000000060000000000000000001f00c2"], 0x0) 8m56.822496691s ago: executing program 2 (id=5975): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x101141, 0x0) pwritev(r0, 0x0, 0x0, 0x17ffffd, 0x0) 8m56.600615116s ago: executing program 2 (id=5977): r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) write$FUSE_INIT(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[], 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) pipe(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = dup(r5) write$UHID_INPUT(r6, &(0x7f0000002080)={0xc, {"a2e3ad2121c752f91b2538f70e06d038e7ff7fc6e5539b3250078b089b3908386d090890e0878f0e1ac6e7049b3367959b619a240d5b67f3988f7e0319520100ffe8d178708c523c921b1b5b31330d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae
098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d606495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07840900000000000000f5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac
2a3559ad4f75465f49c000003716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f22b625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5
c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a605fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b611fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47afed367e5f8
4c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) 8m54.334840062s ago: executing program 2 (id=5988): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000003680)='sched_switch\x00', r3}, 0x10) r4 = openat$kvm(0xffffffffffffff9c, 
&(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) 8m52.169990923s ago: executing program 2 (id=5993): mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) write$cgroup_pid(r1, &(0x7f00000001c0), 0x12) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = openat$cgroup_ro(r2, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000200)=0x1, 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12) 13.518938203s ago: executing program 3 (id=7961): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a000090400000103010100092100080001220100090581"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[], 0x38}, 0x1, 0x300}, 0x0) r5 = 
socket(0x10, 0x3, 0x9) sendmmsg$alg(r5, &(0x7f0000000140), 0x4924b68, 0x0) r6 = dup(r4) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000048"]) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000140), 0x4) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x304, 0x38}, "837ad552eed22b08", "e20000000000000010000000002000", '\x00', "d647cb0002ff00"}, 0x28) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x11a, 0x4, 0x0, 0x0) io_uring_setup(0x6119, &(0x7f00000000c0)={0x0, 0x1744, 0x40, 0x2, 0x88, 0x0, r6}) r8 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r8, 0x0) r9 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r9, &(0x7f0000002c80)={0xa, 0x14e24, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x80000000}, 0x1c) connect$inet6(r9, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c) sendmmsg(r9, &(0x7f00000092c0), 0x4ff, 0x0) 12.141482331s ago: executing program 3 (id=7975): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f000000b000/0x2000)=nil}) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f0000000100)={0xc, 0x2, 0x200, 0x2a, 0x2, 0x2}) r0 = fsopen(&(0x7f0000000000)='smb3\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', 
&(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0002000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r3, @ANYBLOB="08d645001de66b66c460df1fc7e1770977be1c120c7b23cdcb292d74dbc80c61c41fab7af96bc699bb4329896542ce65db8ddbfda82fee84ea49b9d8fba8dc906c9b9a10c3be35f64ba2e2bfdd350affb250bbcf25eab69415051077e05f744869eaa5076644e3903b0ae84ed22ef1d165", @ANYRES32=r4], 0x44}, 0x1, 0x0, 0x0, 0x4c800}, 0x8001) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x105240, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0x2}) dup3(r6, r6, 0x0) listen(r0, 0x5d) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r7, 0x100) r8 = socket$inet(0xa, 0x801, 0x84) listen(r8, 0x8) r9 = socket$inet(0xa, 0x801, 0x84) listen(r9, 0x1) r10 = socket$inet6(0xa, 0x1, 0x8010000000000084) r11 = socket$inet(0xa, 0x801, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) listen(r10, 0x200100) listen(r11, 0x8) r12 = socket$netlink(0x10, 0x3, 0x4) writev(r12, 
&(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r12) 10.894384153s ago: executing program 3 (id=7977): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xa2500, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000800)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r5 = dup2(r4, r4) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r7 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x100000001}]}}]}, 0x40}}, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x20, &(0x7f0000000100)={@multicast2, @broadcast, r8}, 0x61) setsockopt$inet_mreqn(r6, 0x0, 0x28, &(0x7f0000000080)={@multicast1, @local}, 0xc) write$vhost_msg_v2(r5, &(0x7f0000000280)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) ioctl$RTC_UIE_ON(r5, 0x7003) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="39154ebc", @ANYRES16=r1, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r3, @ANYBLOB="08002600940900000800b700000000000800a1000000100008009f0007000000"], 0x3c}}, 0x0) r10 = syz_usb_connect(0x2, 0x2d, 
&(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0) syz_usb_ep_write$ath9k_ep1(r10, 0x82, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r10, &(0x7f0000000300)={0x14, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) sendto$inet(r0, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23", 0x59, 0x0, 0x0, 0x0) 7.719261926s ago: executing program 3 (id=7985): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000880)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="409bf27b5fab952a9af3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000dc0)={0x0, 0x30, 0x4, "a15888ad"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000c40)={0x44, &(0x7f0000000a00)={0x0, 0x0, 0x4, "1b2ee791"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) (async) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000100)={0x34, &(0x7f0000000840)={0x20, 0xc, 0x4, "f4950fe2"}, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000002c0)={0x1c, &(0x7f0000000140)={0x20, 0x0, 0x4, "bd823f9d"}, 0x0, 0x0}) (async) 
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000740)={0x40, 0x8, 0x4d, "1497910b"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async, rerun: 64) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, &(0x7f0000000500)={0x40, 0x10, 0x4, "e8ba7de6"}, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 64) syz_usb_control_io$printer(r0, 0x0, 0x0) (async) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000740)=0x2a68, 0x4) (async) setsockopt$sock_int(r1, 0x1, 0x29, &(0x7f0000000040)=0x92c, 0x4) (async, rerun: 64) recvfrom$packet(r1, 0x0, 0x0, 0x0, 0x0, 0x0) (async, rerun: 64) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000107d1e502d0000ecff000109022400010000300009040000010300020009210700b90122070009058103"], 0x0) syz_emit_ethernet(0x5e, &(0x7f0000001000)={@multicast, @remote, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "2e2caa", 0x28, 0x0, 0x0, @remote, @mcast2, {[@hopopts={0x0, 0x3, '\x00', [@ra, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}, @ra]}]}}}}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000380)={0x18, &(0x7f0000000140)=ANY=[@ANYBLOB="003107000000078c214047cfd1"], 0x0, 0x0, 0x0, 0x0}, 0x0) (async) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) dup(r5) 7.126832351s ago: executing program 4 (id=7988): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/97, 0x61) r2 = socket$key(0xf, 0x3, 
0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) sendmsg$key(r2, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={0x0}}, 0x4008040) r4 = openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="89070404", 0x4) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) sendto$inet(r5, 0x0, 0xfffe, 0x0, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) r6 = dup(r4) ioctl$TCSETSW2(r6, 0x402c542c, 0x0) ioctl$TIOCMBIS(r6, 0x5416, &(0x7f0000000100)=0x7) r7 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r7, 0x0, 0x8, &(0x7f0000000240)=ANY=[], 0x1) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, r8}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)={0x1b, 0x0, 0x0, 0x3, 0x0, r3, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x48) r9 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, 0x0) bind$can_j1939(r9, 0x0, 0x0) 5.719986111s ago: executing program 1 (id=7994): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xa2500, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000800)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 
0x2, 0x0) r5 = dup2(r4, r4) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r7 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x100000001}]}}]}, 0x40}}, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x20, &(0x7f0000000100)={@multicast2, @broadcast, r8}, 0x61) setsockopt$inet_mreqn(r6, 0x0, 0x28, &(0x7f0000000080)={@multicast1, @local}, 0xc) write$vhost_msg_v2(r5, &(0x7f0000000280)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) ioctl$RTC_UIE_ON(r5, 0x7003) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="39154ebc", @ANYRES16=r1, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r3, @ANYBLOB="08002600940900000800b700000000000800a1000000100008009f0007000000"], 0x3c}}, 0x0) r10 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0) syz_usb_ep_write$ath9k_ep1(r10, 0x82, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r10, &(0x7f0000000300)={0x14, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) sendto$inet(r0, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23", 0x59, 0x0, 0x0, 0x0) 4.507238408s ago: executing program 0 (id=7997): syz_usb_connect(0x3, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 
0x33, 0x19}}]}}]}}, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) r1 = socket$inet6_udp(0xa, 0x2, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'vlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0002000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r3, @ANYBLOB="08d645001de66b66c460df1fc7e1770977be1c120c7b23cdcb292d74dbc80c61c41fab7af96bc699bb4329896542ce65db8ddbfda82fee84ea49b9d8fba8dc906c9b9a10c3be35f64ba2e2bfdd350affb250bbcf25eab69415051077e05f744869eaa5076644e3903b0ae84ed22ef1d165", @ANYRES32=r4], 0x44}, 0x1, 0x0, 0x0, 0x4c800}, 0x8001) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x105240, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0x2}) dup3(r6, r6, 0x0) listen(r0, 0x5d) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r7, 0x100) r8 = socket$inet(0xa, 0x801, 0x84) listen(r8, 0x8) r9 = socket$inet(0xa, 0x801, 0x84) listen(r9, 0x1) r10 = socket$inet6(0xa, 0x1, 0x8010000000000084) r11 = socket$inet(0xa, 0x801, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) listen(r10, 0x200100) listen(r11, 0x8) r12 = socket$netlink(0x10, 0x3, 0x4) writev(r12, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r12) 
4.083081006s ago: executing program 4 (id=7998): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405515, &(0x7f0000000080)={0x6, 0x0, 0x0, 0x0, 'syz0\x00'}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, 0x2, 0x3, 0x301, 0x0, 0x0, {0x7, 0x0, 0x10d}, [@NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0xc4) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00') lseek(r2, 0x4, 0x0) getdents64(r2, 0xffffffffffffffff, 0x43) setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x3, 0x4, 0x1, 0x4}]}, 0x8) 4.004449229s ago: executing program 4 (id=7999): r0 = socket(0x10, 0x3, 0x0) syz_emit_ethernet(0x86, &(0x7f00000001c0)={@random="591a1d9a2bdb", @link_local={0x1, 0x80, 0xc2, 0x25}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @multicast1}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x220, 0x0, 0x0, "bfd8a5dd2002c02142c4391145badd28fd7f1a9aa8f6f3a6060ffc0e896f38da", "0b3d22b336984ffb47476e10c3ae64b1", {"5800010000080200", "524a72fc460b8cd26e095f24ab642591"}}}}}}}, 0x0) syz_usb_connect(0x0, 0x229, &(0x7f00000005c0)={{0x12, 0x1, 0x110, 0x2d, 0xec, 0xa1, 0x8, 0x45e, 0x401, 0x143d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x217, 0x2, 0x2, 0x7, 0xd0, 0x0, [{{0x9, 0x4, 0xdb, 0x7, 0xa, 0xfa, 0x12, 0x1c, 0x80, [], [{{0x9, 0x5, 0x0, 0x0, 0x8, 0x1, 0x14, 0x10, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xda, 0x3}]}}, {{0x9, 0x5, 0xc, 0x0, 0x3ff, 0x7, 0x4}}, {{0x9, 0x5, 0xc, 0x4, 0x10, 0xb, 0xd, 0xf}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x2, 0x90, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xba, 0x507}, @generic={0xcc, 0xe, 
"115d1393dd8bbe8387a7881c9344234ca333f8c3aa51f898e086a47882edb49ba0913857376e841f5098652b05252c8fd25cb5d4b97c5ac74d6fdf86ed85c9fc5d4f9a1175d18635d7c7a6e0cf7b8e9c40fa6d696bab8b07312b626676fcee8bdfbf6e34d783be8549f9569711023ec20e6a4971d2828d78208fc156df1c7d406d648a3a39dd9d62be5c4b4bdef520a35fad3f578639dcc888320b0d0e908c8658bcdb9ef4e8c89503318643f982cc17df6c6fced1ca9d5542a3daa863da4a3b61f8c6c4af255c5ed5d7"}]}}, {{0x9, 0x5, 0xf, 0x1, 0x3ff, 0xf, 0x51, 0xc8}}, {{0x9, 0x5, 0xc, 0x1, 0x40, 0x9, 0x2, 0x71, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0x100}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x529}]}}, {{0x9, 0x5, 0x9, 0xc, 0x3ff, 0x10, 0x2, 0xb5}}, {{0x9, 0x5, 0x4, 0x0, 0x20, 0x0, 0x8, 0xf4}}, {{0x9, 0x5, 0x1, 0x4, 0x20, 0x7, 0x3, 0x30, [@uac_iso={0x7, 0x25, 0x1, 0x4, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x4, 0x3}]}}, {{0x9, 0x5, 0x1, 0x0, 0x8, 0x80, 0x1, 0xe}}]}}, {{0x9, 0x4, 0xfd, 0x9, 0x0, 0xe8, 0x7f, 0x44, 0x40, [@cdc_ecm={{0x9, 0x24, 0x6, 0x0, 0x0, "3e12e03b"}, {0x5, 0x24, 0x0, 0xfffd}, {0xd, 0x24, 0xf, 0x1, 0x362, 0x6, 0x9, 0x4}, [@obex={0x5, 0x24, 0x15, 0x8}, @obex={0x5, 0x24, 0x15, 0x26cf}, @obex={0x5}, @mdlm_detail={0x79, 0x24, 0x13, 0x5, "4694d8e2b79beb921ba3c626bdc68200d2ad753925fefa3e562359c64f2307bcf9fb7525dd05ed68580dec1d2006e655ff099b6df884f1305afb1217c4cd7d4f96e8a9cd980235cc93c295d9f328ea12f5d8991d01257870c35998a1660ebef49b70fa726f8898373c1f973dce1485834944a17b12"}]}, @hid_hid={0x9, 0x21, 0x8, 0x4, 0x1, {0x22, 0xcb5}}]}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x8a, 0x9, 0xb, 0x20, 0x5}, 0x5, &(0x7f00000000c0)={0x5, 0xf, 0x5}, 0x5, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x443}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x816}}, {0x7b, &(0x7f0000000800)=@string={0x7b, 0x3, "5d760d85e958aebe2a353fa0c644eb4810dd2c2d16c528f49cbd1efc9511485999ba2b40728952e3716a49075ec420628f476f29a4aa584db50d0f78327ef8862163b93a5e334192d5d0babf5319f9447c3603ce94beaf1db2edd0f5a1129fc5371adcca775c00a3effa0980217a0b1f493c0c36bff4ff21bc"}}, {0xcf, 
&(0x7f0000003100)=ANY=[@ANYBLOB="cf03a36d3fc666a70d99245c4a23627fc42e5cfa2e0653de02400b63ff3eedf11cbbe0ddad42e0b0c495add4ac7747e69efd15995e254b831fc9f55db11da368b5748421168af557af75af8ac21d18ced87d729ba79881ddba1338cc363878bcf81c3a9749d2dd5300a4f2efd84b302eaf714de554bc981cb3274e187547a6aa2782c5d1ff0de6132d66f034560d2f69fc5aab0fc49c73d7358944ebb26702305b4e7c79a34dff2309000000c00d7a39e26a6c13b70e064d7ab84263c160ce26e5b313e88897d205d163157db308e8"]}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x1004}}]}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYRESOCT=r0], 0x24}}, 0x401) r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r1, 0x80046402, &(0x7f00000001c0)=0xb63e) recvmmsg$unix(r0, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f00000002c0)=""/88, 0x58}, {&(0x7f00000004c0)=""/253, 0xffffffffffffff7c}, {&(0x7f0000000a00)=""/4096, 0x1000}, {&(0x7f0000001a00)=""/196, 0xc4}, {&(0x7f0000001b00)=""/175, 0xaf}], 0x5}}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000001cc0)=""/208, 0xd0}, {0x0}, {&(0x7f0000001e40)=""/4096, 0x1000}, {&(0x7f0000000140)=""/123, 0x87}, {&(0x7f0000002f00)=""/219, 0x59}, {&(0x7f0000003000)=""/175, 0xaf}, {&(0x7f00000030c0)=""/55, 0x37}, {&(0x7f00000003c0)=""/68, 0x44}], 0x8}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 2.373591579s ago: executing program 1 (id=8000): rseq(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000000, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r1, 0x545c, 0x0) socket$nl_route(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, 
&(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r3 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @multicast1, @multicast1}, 0xc) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000c220b24f200012800b000100697036746e6c000010000280040013000500090029000000080004"], 0x48}}, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000240)={'dummy0\x00'}) socket$netlink(0x10, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0xe) sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x0) unshare(0x68040200) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/slab', 0x0, 0x0) getdents(r5, &(0x7f0000000400)=""/239, 0xe1) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000640)=0x40000) ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x20) ioctl$KVM_NMI(r5, 0xae9a) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000000c0)) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x5, 0x6, 0x7fe2, 0x42, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x8, 0x7fe2, 0x1, 0x41, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 2.35605235s ago: executing program 3 (id=8001): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b96, 0xa, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 
0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000d40)={0x2c, &(0x7f0000000780)=ANY=[@ANYBLOB='\x00\x00\a\x00\x00\x00\a'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x0, 0x4a141) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000500)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, &(0x7f0000000140)={0x0, 0x21, 0x9, {0x9, 0x21, 0x4, 0x0, 0x1, {0x22, 0x892}}}}, &(0x7f0000000700)={0x18, &(0x7f0000000600)={0x20, 0x14, 0x3a, "7d04722499c4c3d79931ac86d91d6ff1565f8ad2b96ec19890783766ac31fa4076724df49ebee7df247f5ccc19651f5838d66793bf0617fabc3c"}, &(0x7f0000000200)={0x0, 0xa, 0x1}, 0x0, 0x0, 0x0}) pwritev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="56e5566b20", 0x5}], 0x1, 0xf739, 0x0) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, 0x0, 0x0) timer_getoverrun(r2) openat(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) clock_gettime(0x5, &(0x7f00000000c0)) r3 = eventfd2(0x0, 0x0) write$eventfd(r3, &(0x7f0000000000)=0xfffffffffffffffe, 0x8) syz_io_uring_setup(0xf3b, &(0x7f0000000480), &(0x7f0000000080)=0x0, &(0x7f0000000540)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r5 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000040)='vlan0\x00', 0x10) connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10) setsockopt$inet_opts(r5, 0x0, 0x4, 0x0, 0x0) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x4}) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, 
&(0x7f0000000100)=[{0x6}]}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) 1.820674635s ago: executing program 4 (id=8002): openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40142, 0x1ee) syz_usb_connect(0x2, 0x36, &(0x7f0000000a40)={{0x12, 0x1, 0x0, 0x40, 0xd0, 0x7d, 0x40, 0x1286, 0x1fa4, 0xfb16, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x70, 0x0, 0x2, 0xee, 0x67, 0x8, 0x0, [], [{{0x9, 0x5, 0xa, 0x2, 0x3ff, 0x1, 0x6, 0x2}}, {{0x9, 0x5, 0x2, 0x10, 0x400, 0x3, 0x3}}]}}]}}]}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000480)=ANY=[@ANYBLOB="ffffffffffe3ffffffffffff86dd600111fa00101100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000e22"], 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="480000005a00010026bd7000000000000a0000003200010066"], 0x48}}, 0x0) syz_open_procfs(0x0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x1000) r1 = socket$unix(0x1, 0x1, 0x0) ftruncate(0xffffffffffffffff, 0x97a9) bind$unix(r1, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e21}, 0x6e) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f00000001c0)={{0xf}, 0x1}) 1.48660556s ago: executing program 1 (id=8003): r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) r1 = userfaultfd(0x801) r2 = memfd_secret(0x80000) pidfd_send_signal(r2, 0x0, &(0x7f0000000100)={0x3f, 0x8, 0x10}, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) sendmmsg$inet(r3, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0x0) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x121201, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 
0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f00000000c0)={"0000ff9f", 0x0, 0x6, 0x1, 0x0, 0x0, "f759ca148624e13be71500", "00000600", "0000a7a5", "f859ad13", ["8bada981abb8509e6d495f00", "c2a4166a7985e08a3a3f0040", '\x00', "02db56e7381588019861dd62"]}) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$CEC_TRANSMIT(r5, 0xc0386105, &(0x7f0000000000)={0x7, 0x2, 0x1, 0x0, 0x0, 0x0, "9a343de96b89a5d4ff619f6c4068af9e", 0xc, 0x1, 0x6, 0x9, 0x3, 0x3, 0x5}) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f00000001c0)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x20000040, 0x20000070, 0x200000a0], 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0002000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000"]}, 0x110) r7 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) read$dsp(r7, &(0x7f0000000100)=""/54, 0x36) write$dsp(r4, &(0x7f00000001c0)="d2", 0x1) ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0) read$dsp(r7, &(0x7f0000000140)=""/119, 0x77) ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000040)=0x8000) read$dsp(r7, &(0x7f00000000c0)=""/1, 0x1) setsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, &(0x7f0000000000)=0x1, 0x4) ioctl$UFFDIO_WRITEPROTECT(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000800000/0x800000)=nil, 0x802000}, 0x2}) r8 = fcntl$dupfd(r1, 0x0, r1) ioctl$UFFDIO_CONTINUE(r8, 0xc018aa06, &(0x7f00000000c0)={{&(0x7f0000800000/0x800000)=nil, 0x800000}, 0x1}) write$rfkill(r2, &(0x7f0000000240)={0x3, 0x4, 0x0, 0x0, 0x1}, 0x8) move_pages(0x0, 0x1, &(0x7f0000000180)=[&(0x7f0000a7a000/0x3000)=nil], 
&(0x7f00000001c0)=[0x1], 0x0, 0x0) mmap$snddsp(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) 1.443853747s ago: executing program 0 (id=8004): r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc0f8565c, &(0x7f0000000180)={0xc04, 0x837df57a, 0x1, {0xd, @win={{0x1, 0x9, 0x0, 0x9}, 0x3, 0xf, 0x0, 0x3, 0x0, 0x9}}, 0x7}) (fail_nth: 1) 1.053494393s ago: executing program 4 (id=8005): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0x30}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000380)="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", 0x152}], 0x1, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x5}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f00000004c0)={0x0, 0x5b, &(0x7f0000000480)={&(0x7f0000000240)={0x40, r5, 0x1, 0x0, 0x0, {0xc, 0x0, 0xffff}, [@ETHTOOL_A_FEATURES_WANTED={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}]}]}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team0\x00'}]}]}, 0x40}}, 0x0) 948.495989ms 
ago: executing program 0 (id=8006): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000400000006000000aa0b000000000000", @ANYRES32, @ANYBLOB="000000364846c900"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1) r3 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180200000000000000000000000056a8850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r5, r4, 0x25, 0x2, @val=@tracing}, 0x40) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="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"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r6, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={r7}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r8, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, 
&(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003100000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r9, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r11 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r11, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r13}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PORT={0x6, 0x8}, @IFLA_MACSEC_ENCRYPT={0x5}]}}}]}, 0x44}}, 0x0) r14 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmmsg$inet6(r14, &(0x7f0000002780)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000440)=[@pktinfo={{0x24, 0x29, 0x32, {@empty, r15}}}, @pktinfo={{0x24, 0x29, 0x32, {@private2, r15}}}], 0x50}}], 0x1, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000880}, 0x4c00) r16 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r16, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 
0x11, 0x0, 0x1, @meta={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8}, @NFTA_META_SREG={0x8}]}}}]}], {0x14, 0x10}}, 0xb0}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6gre0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1810f4ff6700e9780083a0ca1ae7d46bb4e3000000000000000a00000000002000"], 0x18}}, 0x0) r17 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r17, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r18, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) 818.804463ms ago: executing program 4 (id=8007): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000240)={&(0x7f0000000180)=""/120, 0xffffffffffffff28}) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r1, &(0x7f0000000180)=""/97, 0x61) r2 = socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) sendmsg$key(r2, &(0x7f00000001c0)={0x500, 0x0, &(0x7f0000000040)={0x0}}, 0x4008040) r4 = openat$ttyS3(0xffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = socket$inet(0x2, 
0x2, 0x0) setsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000000)="89070404", 0x4) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10) sendto$inet(r5, 0x0, 0xfffe, 0x0, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) r6 = dup(r4) ioctl$TCSETSW2(r6, 0x402c542c, 0x0) ioctl$TIOCMBIS(r6, 0x5416, &(0x7f0000000100)=0x7) r7 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r7, 0x0, 0x8, &(0x7f0000000240)=ANY=[], 0x1) getsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @broadcast}, 0x0, r8}) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000680)={0x1b, 0x0, 0x0, 0x3, 0x0, r3, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x3, 0x0, @void, @value, @void, @value}, 0x48) r9 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, 0x0) bind$can_j1939(r9, 0x0, 0x0) 652.377816ms ago: executing program 0 (id=8008): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x24, 0x3a, 0xb, 0x0, 0x0, {0x4}, [@nested={0x10, 0x0, 0x0, 0x1, [@typed={0xc, 0x8, 0x0, 0x0, @u64}]}]}, 0x24}}, 0x0) (fail_nth: 4) 264.651469ms ago: executing program 0 (id=8009): syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x10, 0x2b, 0x0, @private2, @local, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x7f, 0x100, @val=0x80}}}}}}}}, 0x0) 260.488333ms ago: executing program 0 (id=8010): openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0xa2500, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000800)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x42}}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) 
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r5 = dup2(r4, r4) r6 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) r7 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x100000001}]}}]}, 0x40}}, 0x0) setsockopt$inet_mreqn(r6, 0x0, 0x20, &(0x7f0000000100)={@multicast2, @broadcast, r8}, 0x61) setsockopt$inet_mreqn(r6, 0x0, 0x28, &(0x7f0000000080)={@multicast1, @local}, 0xc) write$vhost_msg_v2(r5, &(0x7f0000000280)={0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) ioctl$RTC_UIE_ON(r5, 0x7003) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="39154ebc", @ANYRES16=r1, @ANYBLOB="010000000000000000006600000008000300", @ANYRES32=r3, @ANYBLOB="08002600940900000800b700000000000800a1000000100008009f0007000000"], 0x3c}}, 0x0) r10 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007e3dc410cd0621013ddd0102030109021b000100094000090485000189fe1f000905820220"], 0x0) syz_usb_ep_write$ath9k_ep1(r10, 0x82, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r10, &(0x7f0000000300)={0x14, 0x0, &(0x7f00000002c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) sendto$inet(r0, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23", 0x59, 0x0, 0x0, 0x0) 96.52173ms ago: executing program 1 (id=8011): r0 = openat$vnet(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) 
read(r0, &(0x7f0000000040)=""/4, 0x4) (async) r1 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0xa0, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0x8, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x10}}, 0x515}, @in6={0xa, 0x4e22, 0x8000, @local, 0x361d}, @in6={0xa, 0x4e24, 0x9, @remote, 0x10}, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e23, 0x2, @private1, 0x5}, @in={0x2, 0x4e23, @remote}, @in={0x2, 0x4e24, @loopback}]}, &(0x7f00000001c0)=0xc) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000007c0)={&(0x7f0000000280)={0x514, r2, 0x400, 0x70bd28, 0x25dfdbff, {}, [@ETHTOOL_A_PRIVFLAGS_FLAGS={0x174, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x9b, 0x5, "034d6a85e33dd63627dcdea0943009b3419aee3d172bf3b0a2f473c3801b3769130e95dd9a36dede2cec92f741d5e4feed94bf9a51fadb9bd6488dff82077dce8773ca908e73d8f6ad0e848bec10cf3af4e37377df426afe8acfcee78031e4a3a8b61464d85c05f1c77bc673d8666c487ea174313fa5b6b18fc5ed645c39a31569a10f018772f0ddd7ad449cf877447f518fa6296a99e3"}, @ETHTOOL_A_BITSET_MASK={0xd1, 0x5, "5062280b82d82981aa4ef4afa7d6556b82185a90972d46bc9b88b24d04025875c0d41d4ff4a4d99a7845769e2db4fa6dfb5a30e3e2b28502618113d1e352d72e10bed7ae1b575284abff382ae7e125dd7074d4de5732091ed5b511b8be19617a0636bcf99c598e3e32b89c92fccba3569ef0d4b6bddb659b04317fd697e0dc140651bdd8030d0a14d07ac60e8eac70151b0856f231c66db49df08f13539103dfae82d91b1683ba44ef91d7405aaabef41279b274cc2741a0d98c994c34146c0b0f763f33b94ef37349fa5dbdac"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x240, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x120, 0x3, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '^/-*%*\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xd1}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, 
'/dev/vhost-net\x00'}]}, {0x8, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '&/\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xa}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x8}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, '/dev/vhost-net\x00'}]}, {0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, '\\$-+/.:!)^\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x15, 0x2, '/dev/vhost-vsock\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '\xff\xff'}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, '!&+!%\'\x00'}]}, {0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, ',,/!\"\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '-#\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xc}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0xa0, 0x3, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xfffff5f0}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, '::-#\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, 
@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5d}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '!\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}]}]}, @ETHTOOL_A_BITSET_MASK={0xf, 0x5, "369a2d082cfea18522822c"}, @ETHTOOL_A_BITSET_MASK={0x43, 0x5, "95b5c63606488059ba49951ce6ac1a96981ef5bb07f6273e7fcc61580b25773f1a565ac47bf22ba89c092b8419fb43b9e05c7c46c7dc367c2041fce7ca9530"}, @ETHTOOL_A_BITSET_VALUE={0x28, 0x4, "fd052f76125e43f0b1eaa9157a5f32e11eb32d1cd2e57f4a7112d929a6022fcad266a148"}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x14c, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0xfc, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3ff}]}, {0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x200}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x15, 0x2, '/dev/vhost-vsock\x00'}]}, {0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x26c}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x8, 0x2, '{\\!\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x962}]}, {0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xffffffff}, @ETHTOOL_A_BITSET_BIT_NAME={0x15, 0x2, '/dev/vhost-vsock\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x258}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x28, 0x1, 
0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x7, 0x2, '+\\\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x13, 0x2, '/dev/vhost-net\x00'}]}]}, @ETHTOOL_A_BITSET_VALUE={0x4a, 0x4, "33d17588d905ac8938ef7cf68ddcf196715cf73472a5d1cdf235bd96f1caea585d49b7e700e7b2158b014623a16b81685606488819bf27c7b2106ce9f67bd8e8c6b76f2093ea"}]}]}, 0x514}, 0x1, 0x0, 0x0, 0x800}, 0xc4) clock_adjtime(0x4, &(0x7f0000000840)={0x1, 0x8, 0x4, 0x5, 0xd4a0, 0x6, 0x8, 0x8, 0xfff, 0x4, 0x716abf65, 0x4, 0x2, 0x9, 0x9, 0xfff, 0x1, 0x6d, 0x5, 0x1, 0x5, 0x6, 0x4, 0x9, 0x9, 0x9}) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000900), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_MODIFY(r3, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x40, r4, 0x300, 0x70bd2d, 0x25dfdbfc, {}, [@L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x2}, @L2TP_ATTR_DATA_SEQ={0x5, 0x4, 0x40}, @L2TP_ATTR_UDP_CSUM={0x5}, @L2TP_ATTR_DEBUG={0x8}, @L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x8001}]}, 0x40}, 0x1, 0x0, 0x0, 0x24008014}, 0x8000) (async) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x2000002, 0x1010, r1, 0x20109000) (async) r5 = syz_open_dev$evdev(&(0x7f0000000a00), 0x5, 0xe0400) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000a40)=0x8c, 0x4) (async) syz_open_dev$video4linux(&(0x7f0000000a80), 0x6, 0x40040) (async) sendmsg$can_j1939(r5, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000ac0)="619f25bff35534bd5b3fcc5a6a82e49c5c4a34a067bbacd993bc41e7f3c715af0bbb78ea1c13135408c119", 0x2b}, 0x1, 0x0, 0x0, 0x20000004}, 0x20000000) (async) epoll_create1(0x80000) (async) r6 = dup3(r5, r5, 0x80000) setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000b80)=0x1, 0x4) r7 = socket$inet(0x2, 0x80001, 0x1) (async) ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000bc0)={"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"}) (async) r8 = 
syz_genetlink_get_family_id$ipvs(&(0x7f0000001000), r6) sendmsg$IPVS_CMD_GET_DAEMON(r3, &(0x7f00000010c0)={&(0x7f0000000fc0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001080)={&(0x7f0000001040)={0x14, r8, 0x20, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x448c0}, 0x40000c0) r9 = gettid() ioctl$sock_FIOSETOWN(r7, 0x8901, &(0x7f0000001100)=r9) ioctl$DMA_BUF_IOCTL_SYNC(r6, 0x40086200, &(0x7f0000001140)=0x1) (async) openat$kvm(0xffffff9c, &(0x7f0000001180), 0x800, 0x0) (async) r10 = openat$vmci(0xffffff9c, &(0x7f00000011c0), 0x2, 0x0) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r10, 0x7a6, &(0x7f0000001200)={0x2, 0x5, 0x8, 0xf, 0x98fa71d, 0x8001}) (async) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000001380)={&(0x7f0000001280)={0x10, 0x0, 0x0, 0x81}, 0xc, &(0x7f0000001340)={&(0x7f00000012c0)={0x54, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x1a}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x3}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x2}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x0, 0x2}}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x7ff, 0x1}}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFQA_CFG_CMD={0x8, 0x1, {0x5, 0x0, 0x1f}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040880}, 0x48000) 12.597097ms ago: executing program 1 (id=8012): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f000000b000/0x2000)=nil}) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, &(0x7f0000000100)={0xc, 0x2, 0x200, 0x2a, 0x2, 0x2}) r0 = fsopen(&(0x7f0000000000)='smb3\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', 
&(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0002000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r3, @ANYBLOB="08d645001de66b66c460df1fc7e1770977be1c120c7b23cdcb292d74dbc80c61c41fab7af96bc699bb4329896542ce65db8ddbfda82fee84ea49b9d8fba8dc906c9b9a10c3be35f64ba2e2bfdd350affb250bbcf25eab69415051077e05f744869eaa5076644e3903b0ae84ed22ef1d165", @ANYRES32=r4], 0x44}, 0x1, 0x0, 0x0, 0x4c800}, 0x8001) r5 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008108040f80ecdb4cb92e0a480e000f000000e8bd6efb250314000e000100240248ff050005001200", 0x2e}], 0x1}, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x105240, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r6, 0x4058534c, &(0x7f0000000080)={0x80, 0x0, 0x2}) dup3(r6, r6, 0x0) listen(r0, 0x5d) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r7, 0x100) r8 = socket$inet(0xa, 0x801, 0x84) listen(r8, 0x8) r9 = socket$inet(0xa, 0x801, 0x84) listen(r9, 0x1) r10 = socket$inet6(0xa, 0x1, 0x8010000000000084) r11 = socket$inet(0xa, 0x801, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) listen(r10, 0x200100) listen(r11, 0x8) r12 = socket$netlink(0x10, 0x3, 0x4) writev(r12, 
&(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r12) kernel console output (not intermixed with test programs): 0879][ T2974] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 2112.578024][ T2981] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7617'. [ 2112.605766][ T2974] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2112.612515][ T2974] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 2112.638008][ T2981] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7617'. [ 2112.660489][ T2974] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2112.668969][ T2974] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 2112.727466][ T2974] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2112.735543][ T2974] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 2112.848338][ T1396] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2112.872647][ T1396] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2112.886634][ T2990] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7618'. [ 2112.935783][ T1396] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2112.960230][ T1396] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2113.025318][ T2998] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7620'. 
[ 2113.353214][ T2692] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 2113.533497][ T2692] usb 5-1: Using ep0 maxpacket: 8 [ 2113.548677][ T2692] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 2113.562177][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2113.582489][ T2692] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2113.594681][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2113.606103][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2113.619566][ T2692] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 2113.631394][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2113.647911][ T2692] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2113.683106][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2113.713222][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2113.726577][ T2692] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 2113.734610][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2113.758844][ T2692] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2113.783108][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2113.817041][ T2692] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2113.835249][ T2692] usb 5-1: string descriptor 0 read error: -22 [ 2113.841541][ 
T2692] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 2113.873235][ T2692] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2113.898937][ T2692] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 2114.028098][ T3048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2114.048031][ T3048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2114.606440][ T3062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2114.616934][ T3062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2114.642763][ T3062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2114.655439][ T3062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2115.805227][ T3085] __nla_validate_parse: 3 callbacks suppressed [ 2115.805247][ T3085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7636'. [ 2115.938226][ T3085] netlink: 24 bytes leftover after parsing attributes in process `syz.0.7636'. [ 2116.092506][ T3088] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7638'. [ 2116.118393][ T2692] usb 5-1: USB disconnect, device number 111 [ 2116.144235][ T3088] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7638'. [ 2116.274012][ T3097] netlink: 72 bytes leftover after parsing attributes in process `syz.1.7641'. 
[ 2116.324113][ T3100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2116.338749][ T3100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2116.366994][ T3100] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2116.384968][ T3100] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2116.535068][ T3107] loop9: detected capacity change from 0 to 7 [ 2116.541906][ T3107] Dev loop9: unable to read RDB block 7 [ 2116.553243][ T3107] loop9: unable to read partition table [ 2116.559339][ T3107] loop9: partition table beyond EOD, truncated [ 2116.568307][ T3107] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 2116.568307][ T3107] ) failed (rc=-5) [ 2116.586463][ T3107] netlink: 'syz.4.7646': attribute type 10 has an invalid length. [ 2116.596929][ T3107] netlink: 2 bytes leftover after parsing attributes in process `syz.4.7646'. [ 2116.606760][ T3107] team0: entered promiscuous mode [ 2116.611824][ T3107] team_slave_0: entered promiscuous mode [ 2116.620235][ T3107] team_slave_1: entered promiscuous mode [ 2116.627002][ T3107] bridge0: port 3(team0) entered blocking state [ 2116.633813][ T3107] bridge0: port 3(team0) entered disabled state [ 2116.640530][ T3107] team0: entered allmulticast mode [ 2116.645788][ T3107] team_slave_0: entered allmulticast mode [ 2116.652977][ T3107] team_slave_1: entered allmulticast mode [ 2116.660877][ T3107] bridge0: port 3(team0) entered blocking state [ 2116.667242][ T3107] bridge0: port 3(team0) entered forwarding state [ 2116.982229][ T3109] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7647'. [ 2117.005054][ T3109] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7647'. [ 2117.085297][ T3115] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7650'. [ 2117.106512][ T3115] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7650'. 
[ 2117.248634][ T3120] FAULT_INJECTION: forcing a failure. [ 2117.248634][ T3120] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2117.277182][ T3120] CPU: 1 UID: 0 PID: 3120 Comm: syz.4.7652 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2117.287923][ T3120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2117.298009][ T3120] Call Trace: [ 2117.301316][ T3120] [ 2117.304270][ T3120] dump_stack_lvl+0x241/0x360 [ 2117.308983][ T3120] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2117.314214][ T3120] ? __pfx__printk+0x10/0x10 [ 2117.318836][ T3120] ? __pfx_lock_release+0x10/0x10 [ 2117.323900][ T3120] should_fail_ex+0x3b0/0x4e0 [ 2117.328623][ T3120] _copy_to_user+0x2f/0xb0 [ 2117.333076][ T3120] video_usercopy+0xe5e/0x1180 [ 2117.337887][ T3120] ? __pfx___video_do_ioctl+0x10/0x10 [ 2117.343295][ T3120] ? __pfx_video_usercopy+0x10/0x10 [ 2117.348542][ T3120] ? __fget_files+0x29/0x470 [ 2117.353165][ T3120] v4l2_ioctl+0x189/0x1e0 [ 2117.357527][ T3120] v4l2_compat_ioctl32+0x1d7/0x260 [ 2117.362673][ T3120] __se_compat_sys_ioctl+0x510/0xc90 [ 2117.367990][ T3120] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 2117.373837][ T3120] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2117.379854][ T3120] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2117.386225][ T3120] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2117.392846][ T3120] ? lockdep_hardirqs_on+0x99/0x150 [ 2117.398083][ T3120] __do_fast_syscall_32+0xb4/0x110 [ 2117.403230][ T3120] ? 
exc_page_fault+0x590/0x8c0 [ 2117.408122][ T3120] do_fast_syscall_32+0x34/0x80 [ 2117.412987][ T3120] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2117.419333][ T3120] RIP: 0023:0xf7fdf579 [ 2117.423414][ T3120] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2117.443102][ T3120] RSP: 002b:00000000f576656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 2117.451533][ T3120] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c008561c [ 2117.459694][ T3120] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 2117.467686][ T3120] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2117.475690][ T3120] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2117.484118][ T3120] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2117.492140][ T3120] [ 2117.513337][ T3117] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 2118.048602][ T3132] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 2118.061068][ T3132] PKCS7: Only support pkcs7_signedData type [ 2118.980380][ T3137] netlink: 'syz.0.7659': attribute type 11 has an invalid length. [ 2119.212174][ T3146] FAULT_INJECTION: forcing a failure. [ 2119.212174][ T3146] name failslab, interval 1, probability 0, space 0, times 0 [ 2119.226073][ T3146] CPU: 1 UID: 0 PID: 3146 Comm: syz.3.7662 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2119.236778][ T3146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2119.246859][ T3146] Call Trace: [ 2119.250130][ T3146] [ 2119.253059][ T3146] dump_stack_lvl+0x241/0x360 [ 2119.257750][ T3146] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2119.262946][ T3146] ? __pfx__printk+0x10/0x10 [ 2119.267552][ T3146] ? __kmalloc_node_noprof+0xb7/0x440 [ 2119.272941][ T3146] ? 
__pfx___might_resched+0x10/0x10 [ 2119.278246][ T3146] should_fail_ex+0x3b0/0x4e0 [ 2119.282928][ T3146] should_failslab+0xac/0x100 [ 2119.287793][ T3146] __kmalloc_node_noprof+0xdf/0x440 [ 2119.293012][ T3146] ? __kvmalloc_node_noprof+0x72/0x190 [ 2119.298485][ T3146] __kvmalloc_node_noprof+0x72/0x190 [ 2119.303773][ T3146] alloc_netdev_mqs+0x8ac/0x1000 [ 2119.308711][ T3146] rtnl_create_link+0x2f9/0xc20 [ 2119.313566][ T3146] rtnl_newlink+0x1423/0x20a0 [ 2119.318245][ T3146] ? rtnl_newlink+0xab1/0x20a0 [ 2119.323024][ T3146] ? __pfx_rtnl_newlink+0x10/0x10 [ 2119.328060][ T3146] ? __pfx___mutex_trylock_common+0x10/0x10 [ 2119.333966][ T3146] ? rcu_is_watching+0x15/0xb0 [ 2119.338749][ T3146] ? trace_contention_end+0x3c/0x120 [ 2119.344035][ T3146] ? __mutex_lock+0x2ef/0xd70 [ 2119.348720][ T3146] ? __pfx_lock_release+0x10/0x10 [ 2119.353759][ T3146] ? __pfx_rtnl_newlink+0x10/0x10 [ 2119.358784][ T3146] rtnetlink_rcv_msg+0x73f/0xcf0 [ 2119.363722][ T3146] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 2119.368840][ T3146] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2119.374302][ T3146] ? ref_tracker_free+0x643/0x7e0 [ 2119.379328][ T3146] netlink_rcv_skb+0x1e3/0x430 [ 2119.384094][ T3146] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2119.389558][ T3146] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2119.394856][ T3146] ? netlink_deliver_tap+0x2e/0x1b0 [ 2119.400053][ T3146] netlink_unicast+0x7f6/0x990 [ 2119.404851][ T3146] ? __pfx_netlink_unicast+0x10/0x10 [ 2119.410136][ T3146] ? __virt_addr_valid+0x183/0x530 [ 2119.415249][ T3146] ? __check_object_size+0x48e/0x900 [ 2119.420574][ T3146] netlink_sendmsg+0x8e4/0xcb0 [ 2119.425350][ T3146] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2119.430639][ T3146] ? __pfx_lock_release+0x10/0x10 [ 2119.435668][ T3146] ? aa_sock_msg_perm+0x91/0x160 [ 2119.440610][ T3146] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2119.445979][ T3146] __sock_sendmsg+0x221/0x270 [ 2119.450749][ T3146] ____sys_sendmsg+0x52a/0x7e0 [ 2119.455529][ T3146] ? 
__pfx_____sys_sendmsg+0x10/0x10 [ 2119.460822][ T3146] __sys_sendmsg+0x292/0x380 [ 2119.465426][ T3146] ? __pfx___sys_sendmsg+0x10/0x10 [ 2119.470545][ T3146] ? __pfx_vfs_write+0x10/0x10 [ 2119.475335][ T3146] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2119.481928][ T3146] ? lockdep_hardirqs_on+0x99/0x150 [ 2119.487127][ T3146] __do_fast_syscall_32+0xb4/0x110 [ 2119.492239][ T3146] ? exc_page_fault+0x590/0x8c0 [ 2119.497116][ T3146] do_fast_syscall_32+0x34/0x80 [ 2119.501963][ T3146] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2119.508289][ T3146] RIP: 0023:0xf7fd3579 [ 2119.512353][ T3146] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2119.531968][ T3146] RSP: 002b:00000000f575656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2119.540402][ T3146] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000280 [ 2119.548373][ T3146] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2119.556337][ T3146] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2119.564306][ T3146] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2119.572292][ T3146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2119.580287][ T3146] [ 2119.863191][ T3159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2119.871994][ T3159] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2120.171001][ T3159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2120.179944][ T3159] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2120.745765][ T3171] PKCS7: Unknown OID: [4] 5.25.264.112.81.102.117 [ 2120.754345][ T3171] PKCS7: Only support pkcs7_signedData type [ 2120.908167][ T3177] net_ratelimit: 3 callbacks suppressed [ 2120.908187][ T3177] dccp_invalid_packet: P.Data Offset(0) too small [ 
2120.936451][ T3174] __nla_validate_parse: 7 callbacks suppressed [ 2120.936469][ T3174] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7670'. [ 2120.979502][ T3174] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7670'. [ 2121.517957][ T3188] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7675'. [ 2121.673951][ T3190] FAULT_INJECTION: forcing a failure. [ 2121.673951][ T3190] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2121.698985][ T3190] CPU: 1 UID: 0 PID: 3190 Comm: syz.3.7676 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2121.709733][ T3190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2121.719819][ T3190] Call Trace: [ 2121.723127][ T3190] [ 2121.726081][ T3190] dump_stack_lvl+0x241/0x360 [ 2121.730810][ T3190] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2121.736013][ T3190] ? __pfx__printk+0x10/0x10 [ 2121.740636][ T3190] ? snprintf+0xda/0x120 [ 2121.744877][ T3190] should_fail_ex+0x3b0/0x4e0 [ 2121.749558][ T3190] _copy_to_user+0x2f/0xb0 [ 2121.753988][ T3190] simple_read_from_buffer+0xca/0x150 [ 2121.759383][ T3190] proc_fail_nth_read+0x1e9/0x250 [ 2121.764417][ T3190] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2121.769972][ T3190] ? rw_verify_area+0x55e/0x6f0 [ 2121.774824][ T3190] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2121.780368][ T3190] vfs_read+0x201/0xbc0 [ 2121.784519][ T3190] ? __pfx_lock_release+0x10/0x10 [ 2121.789578][ T3190] ? __pfx_vfs_read+0x10/0x10 [ 2121.794275][ T3190] ? __fget_files+0x3f3/0x470 [ 2121.798962][ T3190] ? fdget_pos+0x24e/0x320 [ 2121.803375][ T3190] ksys_read+0x183/0x2b0 [ 2121.807616][ T3190] ? __pfx_ksys_read+0x10/0x10 [ 2121.812376][ T3190] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2121.818958][ T3190] ? lockdep_hardirqs_on+0x99/0x150 [ 2121.824157][ T3190] __do_fast_syscall_32+0xb4/0x110 [ 2121.829259][ T3190] ? 
exc_page_fault+0x590/0x8c0 [ 2121.834121][ T3190] do_fast_syscall_32+0x34/0x80 [ 2121.838995][ T3190] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2121.845350][ T3190] RIP: 0023:0xf7fd3579 [ 2121.849449][ T3190] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2121.869087][ T3190] RSP: 002b:00000000f57565a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2121.877606][ T3190] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5756620 [ 2121.885581][ T3190] RDX: 000000000000000f RSI: 00000000f745bff4 RDI: 0000000000000000 [ 2121.893566][ T3190] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2121.901546][ T3190] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2121.909528][ T3190] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2121.917515][ T3190] [ 2122.093471][ T3198] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7679'. [ 2122.173423][ T29] audit: type=1326 audit(1729051800.853:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3195 comm="syz.3.7680" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x0 [ 2123.009430][ T3208] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7684'. [ 2123.042347][ T3208] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7684'. [ 2123.137588][ T3214] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7686'. [ 2123.154204][ T3214] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7686'. [ 2123.197690][ T3217] dccp_invalid_packet: P.Data Offset(0) too small [ 2124.068378][ T3220] IPv6: Can't replace route, no match found [ 2124.510085][ T3229] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7692'. 
[ 2125.244568][ T3233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2125.255062][ T3233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2125.458126][ T3238] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7695'. [ 2125.574457][ T3245] dccp_invalid_packet: P.Data Offset(0) too small [ 2126.198959][ T3248] tipc: Started in network mode [ 2126.204055][ T3248] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 2126.217648][ T3251] loop9: detected capacity change from 0 to 7 [ 2126.224539][ T3248] tipc: New replicast peer: 0000:0000:0000:0000:0000:0001:0000:0000 [ 2126.233384][ T3251] Dev loop9: unable to read RDB block 7 [ 2126.239502][ T3248] tipc: Enabled bearer , priority 10 [ 2126.245933][ T3251] loop9: unable to read partition table [ 2126.251952][ T3251] loop9: partition table beyond EOD, truncated [ 2126.261064][ T3251] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 2126.261064][ T3251] ) failed (rc=-5) [ 2126.301136][ T3251] netlink: 'syz.0.7699': attribute type 10 has an invalid length. [ 2126.309143][ T3251] __nla_validate_parse: 2 callbacks suppressed [ 2126.309155][ T3251] netlink: 2 bytes leftover after parsing attributes in process `syz.0.7699'. 
[ 2126.327516][ T3251] team0: entered promiscuous mode [ 2126.332572][ T3251] team_slave_0: entered promiscuous mode [ 2126.340435][ T3251] team_slave_1: entered promiscuous mode [ 2126.347813][ T3251] bridge0: port 1(team0) entered blocking state [ 2126.364693][ T3251] bridge0: port 1(team0) entered disabled state [ 2126.382680][ T3251] team0: entered allmulticast mode [ 2126.388825][ T3251] team_slave_0: entered allmulticast mode [ 2126.395559][ T3251] team_slave_1: entered allmulticast mode [ 2126.449152][ T3251] bridge0: port 1(team0) entered blocking state [ 2126.455497][ T3251] bridge0: port 1(team0) entered forwarding state [ 2126.721989][ T3261] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7703'. [ 2127.255842][T12490] tipc: Node number set to 1 [ 2127.521045][ T3267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7706'. [ 2127.532717][ T3267] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7706'. [ 2128.586757][ T3276] dccp_invalid_packet: P.Data Offset(0) too small [ 2129.355327][ T3291] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7717'. [ 2129.371075][ T3291] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7717'. 
[ 2129.492875][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2129.572352][ T3293] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2129.621999][ T3293] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2129.728333][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2130.002608][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2130.264026][T28882] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2130.275482][T28882] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2130.285014][T28882] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2130.293127][T28882] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2130.321937][ T3306] dccp_invalid_packet: P.Data Offset(0) too small [ 2130.397188][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2130.403224][T28882] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 2130.443597][T28882] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2130.690823][ T3316] FAULT_INJECTION: forcing a failure. [ 2130.690823][ T3316] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2130.714346][ T3316] CPU: 1 UID: 0 PID: 3316 Comm: syz.0.7724 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2130.725080][ T3316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2130.735221][ T3316] Call Trace: [ 2130.738511][ T3316] [ 2130.741457][ T3316] dump_stack_lvl+0x241/0x360 [ 2130.746150][ T3316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2130.751362][ T3316] ? __pfx__printk+0x10/0x10 [ 2130.755968][ T3316] ? 
snprintf+0xda/0x120 [ 2130.760215][ T3316] should_fail_ex+0x3b0/0x4e0 [ 2130.764901][ T3316] _copy_to_user+0x2f/0xb0 [ 2130.769315][ T3316] simple_read_from_buffer+0xca/0x150 [ 2130.774692][ T3316] proc_fail_nth_read+0x1e9/0x250 [ 2130.779731][ T3316] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2130.785296][ T3316] ? rw_verify_area+0x55e/0x6f0 [ 2130.790146][ T3316] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2130.795693][ T3316] vfs_read+0x201/0xbc0 [ 2130.799845][ T3316] ? __pfx_lock_release+0x10/0x10 [ 2130.804869][ T3316] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 2130.810405][ T3316] ? __pfx_vfs_read+0x10/0x10 [ 2130.815084][ T3316] ? __fget_files+0x3f3/0x470 [ 2130.819761][ T3316] ? fdget_pos+0x24e/0x320 [ 2130.824173][ T3316] ksys_read+0x183/0x2b0 [ 2130.828435][ T3316] ? __pfx_ksys_read+0x10/0x10 [ 2130.836239][ T3316] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2130.842825][ T3316] ? lockdep_hardirqs_on+0x99/0x150 [ 2130.848022][ T3316] __do_fast_syscall_32+0xb4/0x110 [ 2130.853142][ T3316] ? 
exc_page_fault+0x590/0x8c0 [ 2130.858014][ T3316] do_fast_syscall_32+0x34/0x80 [ 2130.862854][ T3316] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2130.869171][ T3316] RIP: 0023:0xf739d579 [ 2130.873240][ T3316] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2130.892870][ T3316] RSP: 002b:00000000f56865a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2130.901285][ T3316] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5686620 [ 2130.909251][ T3316] RDX: 000000000000000f RSI: 00000000f738bff4 RDI: 0000000000000000 [ 2130.917238][ T3316] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2130.925290][ T3316] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2130.933257][ T3316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2130.941240][ T3316] [ 2131.023781][ T11] team0: left allmulticast mode [ 2131.035076][ T11] team_slave_0: left allmulticast mode [ 2131.045653][ T11] team_slave_1: left allmulticast mode [ 2131.051416][ T11] bridge0: port 3(team0) entered disabled state [ 2131.071919][ T11] bridge_slave_1: left allmulticast mode [ 2131.082790][ T11] bridge_slave_1: left promiscuous mode [ 2131.090579][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 2131.207091][ T29] audit: type=1326 audit(1729051809.903:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3321 comm="syz.1.7727" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x0 [ 2131.264239][ T11] bridge_slave_0: left allmulticast mode [ 2131.270222][ T11] bridge_slave_0: left promiscuous mode [ 2131.277089][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 2132.263378][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2132.278070][ T11] bond0 (unregistering): (slave 
bond_slave_1): Releasing backup interface [ 2132.289524][ T11] bond0 (unregistering): Released all slaves [ 2132.418965][ T11] tipc: Disabling bearer [ 2132.428761][ T11] tipc: Left network mode [ 2132.472271][ T3331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7728'. [ 2132.536205][ T3331] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7728'. [ 2132.558593][ T3309] chnl_net:caif_netlink_parms(): no params data found [ 2132.573635][T13464] Bluetooth: hci1: command tx timeout [ 2132.865300][ T11] hsr_slave_0: left promiscuous mode [ 2132.871397][ T11] hsr_slave_1: left promiscuous mode [ 2132.893802][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2132.896955][ T3351] dccp_invalid_packet: P.Data Offset(0) too small [ 2132.901253][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2132.943725][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2132.960332][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2132.997001][ T11] veth1_macvtap: left promiscuous mode [ 2133.007310][ T11] veth0_macvtap: left promiscuous mode [ 2133.015388][ T11] veth1_vlan: left promiscuous mode [ 2133.020709][ T11] veth0_vlan: left promiscuous mode [ 2134.413747][ T11] team_slave_1 (unregistering): left promiscuous mode [ 2134.429275][ T11] team0 (unregistering): Port device team_slave_1 removed [ 2134.481804][ T11] team_slave_0 (unregistering): left promiscuous mode [ 2134.494753][ T11] team0 (unregistering): Port device team_slave_0 removed [ 2134.661617][T13464] Bluetooth: hci1: command tx timeout [ 2135.089078][ T3347] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7730'. [ 2135.262208][ T3309] bridge0: port 1(bridge_slave_0) entered blocking state [ 2135.287418][ T3309] bridge0: port 1(bridge_slave_0) entered disabled state [ 2135.324005][ T3377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7738'. 
[ 2135.333567][ T3309] bridge_slave_0: entered allmulticast mode [ 2135.340674][ T3309] bridge_slave_0: entered promiscuous mode [ 2135.350723][ T3309] bridge0: port 2(bridge_slave_1) entered blocking state [ 2135.358497][ T3309] bridge0: port 2(bridge_slave_1) entered disabled state [ 2135.366894][ T3309] bridge_slave_1: entered allmulticast mode [ 2135.374485][ T3309] bridge_slave_1: entered promiscuous mode [ 2135.411431][ T3309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2135.435526][ T3377] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7738'. [ 2135.444530][ T3309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2135.529896][ T3309] team0: Port device team_slave_0 added [ 2135.566962][ T3309] team0: Port device team_slave_1 added [ 2135.603731][ T3383] dccp_invalid_packet: P.Data Offset(0) too small [ 2135.630480][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2135.658297][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2135.685357][ T3309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2135.707792][ T3309] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2135.715168][ T3309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 2135.742637][ T3309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2135.789006][ T3309] hsr_slave_0: entered promiscuous mode [ 2135.799970][ T3309] hsr_slave_1: entered promiscuous mode [ 2135.807090][ T3309] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2135.815373][ T3309] Cannot create hsr debugfs directory [ 2136.570732][ T3309] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2136.620207][ T3309] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2136.632085][ T3309] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2136.657588][ T3309] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2136.686068][ T3415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2136.719742][ T3415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2136.744267][T13464] Bluetooth: hci1: command tx timeout [ 2136.772592][ T29] audit: type=1326 audit(1729051815.463:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3414 comm="syz.3.7745" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x0 [ 2136.859632][ T3309] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2136.908889][ T3309] 8021q: adding VLAN 0 to HW filter on device team0 [ 2136.930690][ T973] bridge0: port 1(bridge_slave_0) entered blocking state [ 2136.937809][ T973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2137.006432][ T973] bridge0: port 2(bridge_slave_1) entered blocking state [ 2137.013611][ T973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2137.078353][ T3309] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2137.103208][ T3309] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2137.185988][ T3309] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2137.281688][ T3309] veth0_vlan: entered promiscuous mode [ 2137.291422][ 
T3309] veth1_vlan: entered promiscuous mode [ 2137.322380][ T3309] veth0_macvtap: entered promiscuous mode [ 2137.331973][ T3309] veth1_macvtap: entered promiscuous mode [ 2137.388454][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2137.412663][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.422760][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2137.446669][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.461372][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2137.473001][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.484270][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2137.500733][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.540964][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2137.606732][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2137.625664][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.649142][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2137.718525][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.747388][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2137.777176][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2137.796885][ T3309] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2137.820631][ T3309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2137.855209][ T3309] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2137.900969][ T3309] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2137.926223][ T3309] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2137.955405][ T3309] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2137.982948][ T3309] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2138.177136][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2138.205123][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2138.260381][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2138.278113][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2138.584545][ T3458] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7747'. [ 2138.813246][T13464] Bluetooth: hci1: command tx timeout [ 2139.154663][ T3464] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7750'. [ 2139.164241][ T3466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7750'. [ 2139.332555][ T3468] dccp_invalid_packet: P.Data Offset(0) too small [ 2139.874239][ T3477] FAULT_INJECTION: forcing a failure. [ 2139.874239][ T3477] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2139.887531][ T3477] CPU: 0 UID: 0 PID: 3477 Comm: syz.3.7755 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2139.898223][ T3477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2139.908288][ T3477] Call Trace: [ 2139.911566][ T3477] [ 2139.914498][ T3477] dump_stack_lvl+0x241/0x360 [ 2139.919179][ T3477] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 2139.924373][ T3477] ? __pfx__printk+0x10/0x10 [ 2139.928962][ T3477] ? snprintf+0xda/0x120 [ 2139.933211][ T3477] should_fail_ex+0x3b0/0x4e0 [ 2139.937925][ T3477] _copy_to_user+0x2f/0xb0 [ 2139.942373][ T3477] simple_read_from_buffer+0xca/0x150 [ 2139.947782][ T3477] proc_fail_nth_read+0x1e9/0x250 [ 2139.952827][ T3477] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2139.958383][ T3477] ? rw_verify_area+0x55e/0x6f0 [ 2139.963239][ T3477] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2139.968799][ T3477] vfs_read+0x201/0xbc0 [ 2139.972958][ T3477] ? __pfx_lock_release+0x10/0x10 [ 2139.978003][ T3477] ? __pfx_vfs_read+0x10/0x10 [ 2139.982684][ T3477] ? __fget_files+0x3f3/0x470 [ 2139.987372][ T3477] ? fdget_pos+0x24e/0x320 [ 2139.991788][ T3477] ksys_read+0x183/0x2b0 [ 2139.996037][ T3477] ? __pfx_ksys_read+0x10/0x10 [ 2140.000802][ T3477] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2140.007393][ T3477] ? lockdep_hardirqs_on+0x99/0x150 [ 2140.012597][ T3477] __do_fast_syscall_32+0xb4/0x110 [ 2140.017707][ T3477] ? 
exc_page_fault+0x590/0x8c0 [ 2140.022561][ T3477] do_fast_syscall_32+0x34/0x80 [ 2140.027406][ T3477] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2140.033731][ T3477] RIP: 0023:0xf7fd3579 [ 2140.037795][ T3477] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2140.057405][ T3477] RSP: 002b:00000000f57565a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2140.065820][ T3477] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5756620 [ 2140.073808][ T3477] RDX: 000000000000000f RSI: 00000000f745bff4 RDI: 0000000000000000 [ 2140.081786][ T3477] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2140.089761][ T3477] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2140.097734][ T3477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2140.105718][ T3477] [ 2140.202194][ T3481] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 2140.351512][ T3489] dccp_invalid_packet: P.Data Offset(0) too small [ 2140.422988][ T3492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2140.441083][ T3492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2140.475269][ T29] audit: type=1326 audit(1729051819.173:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3491 comm="syz.3.7762" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x0 [ 2141.578779][ T3499] netlink: 52 bytes leftover after parsing attributes in process `syz.4.7764'. 
[ 2141.659195][ T3505] binder: 3504:3505 ioctl 4018620d 0 returned -22 [ 2141.708305][ T3507] ip6_tunnel: non-ECT from 0000:0000:0000:0000:0000:ffff:7f00:0001 with DS=0x1 [ 2141.730960][ T3507] fuse: Bad value for 'fd' [ 2141.900970][ T3515] dccp_invalid_packet: P.Data Offset(0) too small [ 2142.166228][ T3524] FAULT_INJECTION: forcing a failure. [ 2142.166228][ T3524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2142.184050][ T3524] CPU: 1 UID: 0 PID: 3524 Comm: syz.1.7775 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2142.194789][ T3524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2142.204873][ T3524] Call Trace: [ 2142.208151][ T3524] [ 2142.211095][ T3524] dump_stack_lvl+0x241/0x360 [ 2142.215807][ T3524] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2142.221035][ T3524] ? __pfx__printk+0x10/0x10 [ 2142.225661][ T3524] ? snprintf+0xda/0x120 [ 2142.230006][ T3524] should_fail_ex+0x3b0/0x4e0 [ 2142.234708][ T3524] _copy_to_user+0x2f/0xb0 [ 2142.239151][ T3524] simple_read_from_buffer+0xca/0x150 [ 2142.244530][ T3524] proc_fail_nth_read+0x1e9/0x250 [ 2142.249577][ T3524] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2142.255164][ T3524] ? rw_verify_area+0x55e/0x6f0 [ 2142.260054][ T3524] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2142.265628][ T3524] vfs_read+0x201/0xbc0 [ 2142.269789][ T3524] ? __pfx_lock_release+0x10/0x10 [ 2142.274828][ T3524] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 2142.280394][ T3524] ? __pfx_vfs_read+0x10/0x10 [ 2142.285077][ T3524] ? __fget_files+0x3f3/0x470 [ 2142.289781][ T3524] ? fdget_pos+0x24e/0x320 [ 2142.294237][ T3524] ksys_read+0x183/0x2b0 [ 2142.298512][ T3524] ? __pfx_ksys_read+0x10/0x10 [ 2142.303319][ T3524] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2142.309924][ T3524] ? lockdep_hardirqs_on+0x99/0x150 [ 2142.315142][ T3524] __do_fast_syscall_32+0xb4/0x110 [ 2142.320273][ T3524] ? 
exc_page_fault+0x590/0x8c0 [ 2142.325133][ T3524] do_fast_syscall_32+0x34/0x80 [ 2142.329995][ T3524] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2142.336333][ T3524] RIP: 0023:0xf745d579 [ 2142.340415][ T3524] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2142.360023][ T3524] RSP: 002b:00000000f57465a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2142.368446][ T3524] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5746620 [ 2142.376527][ T3524] RDX: 000000000000000f RSI: 00000000f744bff4 RDI: 0000000000000000 [ 2142.384518][ T3524] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2142.392507][ T3524] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2142.400481][ T3524] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2142.408484][ T3524] [ 2142.548443][ T3529] binder: 3528:3529 ioctl 4018620d 0 returned -22 [ 2143.005407][ T3539] dccp_invalid_packet: P.Data Offset(0) too small [ 2143.564897][ T3555] binder: 3554:3555 ioctl 4018620d 0 returned -22 [ 2143.874151][ T3567] dccp_invalid_packet: P.Data Offset(0) too small [ 2143.971562][ T3569] FAULT_INJECTION: forcing a failure. [ 2143.971562][ T3569] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2143.992865][ T3569] CPU: 0 UID: 0 PID: 3569 Comm: syz.3.7792 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2144.003610][ T3569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2144.013692][ T3569] Call Trace: [ 2144.016988][ T3569] [ 2144.019939][ T3569] dump_stack_lvl+0x241/0x360 [ 2144.024651][ T3569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2144.029873][ T3569] ? __pfx__printk+0x10/0x10 [ 2144.034528][ T3569] ? 
snprintf+0xda/0x120 [ 2144.038803][ T3569] should_fail_ex+0x3b0/0x4e0 [ 2144.043530][ T3569] _copy_to_user+0x2f/0xb0 [ 2144.047990][ T3569] simple_read_from_buffer+0xca/0x150 [ 2144.053395][ T3569] proc_fail_nth_read+0x1e9/0x250 [ 2144.058544][ T3569] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2144.064121][ T3569] ? rw_verify_area+0x55e/0x6f0 [ 2144.069007][ T3569] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2144.074582][ T3569] vfs_read+0x201/0xbc0 [ 2144.078769][ T3569] ? __pfx_lock_release+0x10/0x10 [ 2144.083837][ T3569] ? __pfx_vfs_read+0x10/0x10 [ 2144.088552][ T3569] ? __fget_files+0x3f3/0x470 [ 2144.093270][ T3569] ? fdget_pos+0x24e/0x320 [ 2144.097734][ T3569] ksys_read+0x183/0x2b0 [ 2144.102015][ T3569] ? __pfx_ksys_read+0x10/0x10 [ 2144.106809][ T3569] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2144.113427][ T3569] ? lockdep_hardirqs_on+0x99/0x150 [ 2144.118657][ T3569] __do_fast_syscall_32+0xb4/0x110 [ 2144.123803][ T3569] ? exc_page_fault+0x590/0x8c0 [ 2144.128688][ T3569] do_fast_syscall_32+0x34/0x80 [ 2144.133597][ T3569] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2144.139949][ T3569] RIP: 0023:0xf7fd3579 [ 2144.144038][ T3569] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2144.163678][ T3569] RSP: 002b:00000000f57565a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2144.172135][ T3569] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5756620 [ 2144.180137][ T3569] RDX: 000000000000000f RSI: 00000000f745bff4 RDI: 0000000000000000 [ 2144.188227][ T3569] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2144.196315][ T3569] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2144.204667][ T3569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2144.212679][ T3569] [ 2144.535287][ T3573] UDC core: USB Raw Gadget: couldn't find an 
available UDC or it's busy [ 2144.555579][ T3573] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2144.595941][ T29] audit: type=1326 audit(1729051823.293:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3572 comm="syz.3.7794" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd3579 code=0x0 [ 2144.709185][ T3577] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7795'. [ 2144.959615][ T3576] ebtables: wrong size: *len 264, entries_size 144, replsz 144 [ 2145.281811][ T3583] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 2145.288663][ T3583] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 2145.308308][ T3583] vhci_hcd vhci_hcd.0: Device attached [ 2145.322103][ T3587] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 2145.324252][ T3583] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 2145.334173][ T3587] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 2145.344126][ T3586] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 2145.368316][ T3584] vhci_hcd: connection closed [ 2145.382963][ T80] vhci_hcd: stop threads [ 2145.398797][ T80] vhci_hcd: release socket [ 2145.406068][ T80] vhci_hcd: disconnect device [ 2145.407403][ T3590] binder: 3589:3590 ioctl 4018620d 0 returned -22 [ 2145.535825][ T3596] dccp_invalid_packet: P.Data Offset(0) too small [ 2145.591072][ T3599] FAULT_INJECTION: forcing a failure. [ 2145.591072][ T3599] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2145.606626][ T3599] CPU: 0 UID: 0 PID: 3599 Comm: syz.0.7802 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2145.617356][ T3599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2145.627450][ T3599] Call Trace: [ 2145.630764][ T3599] [ 2145.633727][ T3599] dump_stack_lvl+0x241/0x360 [ 2145.638430][ T3599] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 2145.643640][ T3599] ? __pfx__printk+0x10/0x10 [ 2145.648238][ T3599] ? __pfx_lock_release+0x10/0x10 [ 2145.653275][ T3599] should_fail_ex+0x3b0/0x4e0 [ 2145.657978][ T3599] _copy_from_iter+0x1ed/0x1d60 [ 2145.662830][ T3599] ? __virt_addr_valid+0x183/0x530 [ 2145.667953][ T3599] ? __pfx_lock_release+0x10/0x10 [ 2145.673007][ T3599] ? __alloc_skb+0x28f/0x440 [ 2145.677635][ T3599] ? __pfx__copy_from_iter+0x10/0x10 [ 2145.682948][ T3599] ? __virt_addr_valid+0x183/0x530 [ 2145.688086][ T3599] ? __virt_addr_valid+0x183/0x530 [ 2145.693214][ T3599] ? __virt_addr_valid+0x45f/0x530 [ 2145.698327][ T3599] ? __check_object_size+0x48e/0x900 [ 2145.703641][ T3599] netlink_sendmsg+0x73d/0xcb0 [ 2145.708427][ T3599] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2145.713729][ T3599] ? __pfx_lock_release+0x10/0x10 [ 2145.718777][ T3599] ? aa_sock_msg_perm+0x91/0x160 [ 2145.723724][ T3599] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2145.729009][ T3599] __sock_sendmsg+0x221/0x270 [ 2145.733695][ T3599] ____sys_sendmsg+0x52a/0x7e0 [ 2145.738477][ T3599] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2145.743772][ T3599] __sys_sendmsg+0x292/0x380 [ 2145.748365][ T3599] ? __pfx___sys_sendmsg+0x10/0x10 [ 2145.753482][ T3599] ? __pfx_vfs_write+0x10/0x10 [ 2145.758263][ T3599] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2145.764852][ T3599] ? lockdep_hardirqs_on+0x99/0x150 [ 2145.770050][ T3599] __do_fast_syscall_32+0xb4/0x110 [ 2145.775158][ T3599] ? 
exc_page_fault+0x590/0x8c0 [ 2145.780011][ T3599] do_fast_syscall_32+0x34/0x80 [ 2145.784861][ T3599] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2145.791203][ T3599] RIP: 0023:0xf739d579 [ 2145.795267][ T3599] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2145.814874][ T3599] RSP: 002b:00000000f568656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2145.823289][ T3599] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140 [ 2145.831267][ T3599] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2145.839239][ T3599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2145.847209][ T3599] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2145.855176][ T3599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2145.863163][ T3599] [ 2147.566272][ T3611] binder: 3610:3611 ioctl 4018620d 0 returned -22 [ 2147.682140][ T3614] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7809'. [ 2148.517846][ T3618] dccp_invalid_packet: P.Data Offset(0) too small [ 2148.762864][ T3629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2148.775625][ T3629] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2149.089586][ T3637] binder: 3636:3637 ioctl 4018620d 0 returned -22 [ 2149.137903][ T3639] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7819'. 
[ 2149.151135][ T3639] bridge0: port 1(team0) entered disabled state [ 2149.396388][ T3639] team0 (unregistering): left allmulticast mode [ 2149.402974][ T3639] team_slave_0: left allmulticast mode [ 2149.408544][ T3639] team_slave_1: left allmulticast mode [ 2149.414443][ T3639] bridge0: port 1(team0) entered disabled state [ 2149.423433][ T3639] team_slave_0: left promiscuous mode [ 2149.437705][ T3639] team0 (unregistering): Port device team_slave_0 removed [ 2149.445341][ T3639] team_slave_1: left promiscuous mode [ 2149.456078][ T3639] team0 (unregistering): Port device team_slave_1 removed [ 2149.497186][ T3644] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7821'. [ 2149.611213][ T3647] dccp_invalid_packet: P.Data Offset(0) too small [ 2150.077489][ T3665] FAULT_INJECTION: forcing a failure. [ 2150.077489][ T3665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2150.107557][ T3665] CPU: 0 UID: 0 PID: 3665 Comm: syz.3.7827 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2150.118309][ T3665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2150.128396][ T3665] Call Trace: [ 2150.131699][ T3665] [ 2150.134652][ T3665] dump_stack_lvl+0x241/0x360 [ 2150.139349][ T3665] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2150.144558][ T3665] ? __pfx__printk+0x10/0x10 [ 2150.149176][ T3665] ? __pfx_lock_release+0x10/0x10 [ 2150.154239][ T3665] should_fail_ex+0x3b0/0x4e0 [ 2150.158952][ T3665] _copy_from_iter+0x1ed/0x1d60 [ 2150.163832][ T3665] ? __virt_addr_valid+0x183/0x530 [ 2150.168966][ T3665] ? __pfx_lock_release+0x10/0x10 [ 2150.174027][ T3665] ? __pfx__copy_from_iter+0x10/0x10 [ 2150.179353][ T3665] ? __virt_addr_valid+0x183/0x530 [ 2150.184582][ T3665] ? __virt_addr_valid+0x183/0x530 [ 2150.189727][ T3665] ? __virt_addr_valid+0x45f/0x530 [ 2150.194872][ T3665] ? __check_object_size+0x48e/0x900 [ 2150.200200][ T3665] netlink_sendmsg+0x73d/0xcb0 [ 2150.205010][ T3665] ? 
__pfx_netlink_sendmsg+0x10/0x10 [ 2150.210325][ T3665] ? __pfx_lock_release+0x10/0x10 [ 2150.215379][ T3665] ? aa_sock_msg_perm+0x91/0x160 [ 2150.220329][ T3665] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2150.225620][ T3665] __sock_sendmsg+0x221/0x270 [ 2150.230307][ T3665] ____sys_sendmsg+0x52a/0x7e0 [ 2150.235086][ T3665] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2150.240392][ T3665] __sys_sendmsg+0x292/0x380 [ 2150.244985][ T3665] ? __pfx___sys_sendmsg+0x10/0x10 [ 2150.250108][ T3665] ? __pfx_vfs_write+0x10/0x10 [ 2150.254889][ T3665] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2150.261481][ T3665] ? lockdep_hardirqs_on+0x99/0x150 [ 2150.266687][ T3665] __do_fast_syscall_32+0xb4/0x110 [ 2150.271807][ T3665] ? exc_page_fault+0x590/0x8c0 [ 2150.276671][ T3665] do_fast_syscall_32+0x34/0x80 [ 2150.281519][ T3665] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2150.287936][ T3665] RIP: 0023:0xf7fd3579 [ 2150.292091][ T3665] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2150.311703][ T3665] RSP: 002b:00000000f573556c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2150.320123][ T3665] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080 [ 2150.328097][ T3665] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2150.336074][ T3665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2150.344051][ T3665] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2150.352028][ T3665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2150.360011][ T3665] [ 2150.412390][ T3667] binder: 3666:3667 ioctl 4018620d 0 returned -22 [ 2150.431192][ T3669] FAULT_INJECTION: forcing a failure. 
[ 2150.431192][ T3669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2150.446086][ T3669] CPU: 1 UID: 0 PID: 3669 Comm: syz.3.7829 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2150.456808][ T3669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2150.466891][ T3669] Call Trace: [ 2150.470195][ T3669] [ 2150.473150][ T3669] dump_stack_lvl+0x241/0x360 [ 2150.477858][ T3669] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2150.483081][ T3669] ? __pfx__printk+0x10/0x10 [ 2150.487700][ T3669] ? __pfx_lock_release+0x10/0x10 [ 2150.492760][ T3669] should_fail_ex+0x3b0/0x4e0 [ 2150.497475][ T3669] _copy_from_iter+0x1ed/0x1d60 [ 2150.502341][ T3669] ? __virt_addr_valid+0x183/0x530 [ 2150.507464][ T3669] ? __pfx_lock_release+0x10/0x10 [ 2150.512510][ T3669] ? __alloc_skb+0x28f/0x440 [ 2150.517093][ T3669] ? __pfx__copy_from_iter+0x10/0x10 [ 2150.522373][ T3669] ? __virt_addr_valid+0x183/0x530 [ 2150.527477][ T3669] ? __virt_addr_valid+0x183/0x530 [ 2150.532575][ T3669] ? __virt_addr_valid+0x45f/0x530 [ 2150.537676][ T3669] ? __check_object_size+0x48e/0x900 [ 2150.542976][ T3669] netlink_sendmsg+0x73d/0xcb0 [ 2150.547782][ T3669] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2150.553107][ T3669] ? __pfx_lock_release+0x10/0x10 [ 2150.558161][ T3669] ? aa_sock_msg_perm+0x91/0x160 [ 2150.563111][ T3669] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2150.568420][ T3669] __sock_sendmsg+0x221/0x270 [ 2150.573103][ T3669] ____sys_sendmsg+0x52a/0x7e0 [ 2150.577877][ T3669] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2150.583176][ T3669] __sys_sendmsg+0x292/0x380 [ 2150.587772][ T3669] ? __pfx___sys_sendmsg+0x10/0x10 [ 2150.592896][ T3669] ? __pfx_vfs_write+0x10/0x10 [ 2150.597686][ T3669] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2150.604402][ T3669] ? lockdep_hardirqs_on+0x99/0x150 [ 2150.609603][ T3669] __do_fast_syscall_32+0xb4/0x110 [ 2150.614715][ T3669] ? 
exc_page_fault+0x590/0x8c0 [ 2150.619575][ T3669] do_fast_syscall_32+0x34/0x80 [ 2150.624426][ T3669] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2150.630758][ T3669] RIP: 0023:0xf7fd3579 [ 2150.634824][ T3669] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2150.654437][ T3669] RSP: 002b:00000000f575656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2150.662857][ T3669] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 2150.670857][ T3669] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2150.678829][ T3669] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2150.686799][ T3669] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2150.694770][ T3669] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2150.702753][ T3669] [ 2150.856054][ T3675] dccp_invalid_packet: P.Data Offset(0) too small [ 2151.146688][ T3684] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7837'. 
[ 2151.269292][T13103] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2151.388032][T13103] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2151.464828][T28882] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2151.481837][T28882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2151.505001][T28882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2151.509959][T13103] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2151.521249][T28882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2151.532506][T28882] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 2151.542744][T28882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2151.594044][T13103] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2151.737116][T13103] bridge_slave_1: left allmulticast mode [ 2151.742920][T13103] bridge_slave_1: left promiscuous mode [ 2151.749065][T13103] bridge0: port 2(bridge_slave_1) entered disabled state [ 2151.759853][T13103] bridge_slave_0: left allmulticast mode [ 2151.766607][T13103] bridge_slave_0: left promiscuous mode [ 2151.774420][T13103] bridge0: port 1(bridge_slave_0) entered disabled state [ 2152.312792][T13103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2152.327016][T13103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2152.339426][T13103] bond0 (unregistering): Released all slaves [ 2152.352972][ T3687] chnl_net:caif_netlink_parms(): no params data found [ 2152.547985][ T3687] bridge0: port 1(bridge_slave_0) entered blocking state [ 2152.557351][ T3687] bridge0: port 1(bridge_slave_0) entered disabled state [ 2152.572601][ T3687] bridge_slave_0: entered allmulticast mode [ 2152.580466][ T3687] bridge_slave_0: entered promiscuous mode [ 2152.594832][ T3703] dccp_invalid_packet: P.Data 
Offset(0) too small [ 2152.600610][ T3687] bridge0: port 2(bridge_slave_1) entered blocking state [ 2152.611545][ T3687] bridge0: port 2(bridge_slave_1) entered disabled state [ 2152.621584][ T3687] bridge_slave_1: entered allmulticast mode [ 2152.629054][ T3687] bridge_slave_1: entered promiscuous mode [ 2152.706331][ T3687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2152.727880][ T3687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2152.787580][T13103] hsr_slave_0: left promiscuous mode [ 2152.799842][T13103] hsr_slave_1: left promiscuous mode [ 2152.809816][T13103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2152.818709][T13103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2152.827322][T13103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2152.835082][T13103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2152.872665][T13103] veth1_macvtap: left promiscuous mode [ 2152.879882][T13103] veth0_macvtap: left promiscuous mode [ 2152.888458][T13103] veth1_vlan: left promiscuous mode [ 2152.900248][T13103] veth0_vlan: left promiscuous mode [ 2153.600450][T13103] team0 (unregistering): Port device team_slave_1 removed [ 2153.630264][T13464] Bluetooth: hci4: command tx timeout [ 2153.666306][T13103] team0 (unregistering): Port device team_slave_0 removed [ 2154.251058][ T3729] netlink: 72 bytes leftover after parsing attributes in process `syz.0.7848'. [ 2154.416923][ T3687] team0: Port device team_slave_0 added [ 2154.429773][ T3687] team0: Port device team_slave_1 added [ 2154.510151][ T3687] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2154.517321][ T3687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 2154.568796][ T3687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2154.585459][ T3687] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2154.593378][ T3687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2154.640878][ T3687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2154.716047][ T3687] hsr_slave_0: entered promiscuous mode [ 2154.722501][ T3687] hsr_slave_1: entered promiscuous mode [ 2154.740288][ T3687] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2154.761973][ T3687] Cannot create hsr debugfs directory [ 2154.767934][ T3735] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7850'. [ 2155.359452][ T3687] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2155.402962][ T3687] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2155.414703][ T3687] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2155.435975][ T3687] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2155.530099][ T3762] dccp_invalid_packet: P.Data Offset(0) too small [ 2155.575928][ T3687] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2155.598274][ T3687] 8021q: adding VLAN 0 to HW filter on device team0 [ 2155.609703][ T973] bridge0: port 1(bridge_slave_0) entered blocking state [ 2155.616910][ T973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2155.638808][T29021] bridge0: port 2(bridge_slave_1) entered blocking state [ 2155.646003][T29021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2155.693231][T13464] Bluetooth: hci4: command tx timeout [ 2155.757624][ T3687] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2155.830587][ T3687] veth0_vlan: entered promiscuous mode [ 
2155.850195][ T3687] veth1_vlan: entered promiscuous mode [ 2155.901749][ T3687] veth0_macvtap: entered promiscuous mode [ 2155.930925][ T3687] veth1_macvtap: entered promiscuous mode [ 2155.962374][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2155.980405][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2155.990674][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2156.007640][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2156.018819][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2156.036518][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2156.048642][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2156.065654][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2156.081076][ T3687] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2156.107029][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2156.119838][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2156.137574][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2156.150506][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2156.166794][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2156.182037][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2156.197837][ T3687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2156.208765][ T3687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2156.226504][ T3687] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2156.245880][ T3687] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2156.261160][ T3687] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2156.271239][ T3687] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2156.287900][ T3687] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2156.424890][ T973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2156.432766][ T973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2156.498605][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2156.518129][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2156.652542][ T3807] binder: 3805:3807 ioctl 4018620d 0 returned -22 [ 2156.886347][ T3813] netlink: 72 bytes leftover after parsing attributes in process `syz.3.7857'. [ 2156.931953][ T3815] FAULT_INJECTION: forcing a failure. [ 2156.931953][ T3815] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2156.949427][ T3815] CPU: 1 UID: 0 PID: 3815 Comm: syz.3.7858 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2156.960127][ T3815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2156.970184][ T3815] Call Trace: [ 2156.973456][ T3815] <TASK> [ 2156.976388][ T3815] dump_stack_lvl+0x241/0x360 [ 2156.981065][ T3815] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2156.986259][ T3815] ? __pfx__printk+0x10/0x10 [ 2156.990844][ T3815] ? __pfx_lock_release+0x10/0x10 [ 2156.995889][ T3815] should_fail_ex+0x3b0/0x4e0 [ 2157.000606][ T3815] _copy_from_iter+0x1ed/0x1d60 [ 2157.005470][ T3815] ?
__virt_addr_valid+0x183/0x530 [ 2157.010596][ T3815] ? __pfx_lock_release+0x10/0x10 [ 2157.015628][ T3815] ? __alloc_skb+0x28f/0x440 [ 2157.020213][ T3815] ? __pfx__copy_from_iter+0x10/0x10 [ 2157.025497][ T3815] ? __virt_addr_valid+0x183/0x530 [ 2157.030604][ T3815] ? __virt_addr_valid+0x183/0x530 [ 2157.035735][ T3815] ? __virt_addr_valid+0x45f/0x530 [ 2157.040933][ T3815] ? __check_object_size+0x48e/0x900 [ 2157.046218][ T3815] netlink_sendmsg+0x73d/0xcb0 [ 2157.051008][ T3815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2157.056300][ T3815] ? __pfx_lock_release+0x10/0x10 [ 2157.061334][ T3815] ? aa_sock_msg_perm+0x91/0x160 [ 2157.066277][ T3815] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2157.071557][ T3815] __sock_sendmsg+0x221/0x270 [ 2157.076235][ T3815] ____sys_sendmsg+0x52a/0x7e0 [ 2157.081002][ T3815] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2157.086295][ T3815] __sys_sendmsg+0x292/0x380 [ 2157.090902][ T3815] ? __pfx___sys_sendmsg+0x10/0x10 [ 2157.096130][ T3815] ? __pfx_vfs_write+0x10/0x10 [ 2157.100936][ T3815] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2157.107536][ T3815] ? lockdep_hardirqs_on+0x99/0x150 [ 2157.112740][ T3815] __do_fast_syscall_32+0xb4/0x110 [ 2157.117864][ T3815] ? 
exc_page_fault+0x590/0x8c0 [ 2157.122724][ T3815] do_fast_syscall_32+0x34/0x80 [ 2157.127571][ T3815] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2157.133897][ T3815] RIP: 0023:0xf7f01579 [ 2157.137968][ T3815] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2157.157583][ T3815] RSP: 002b:00000000f568656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2157.165998][ T3815] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 2157.173966][ T3815] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2157.181934][ T3815] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2157.189905][ T3815] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2157.197873][ T3815] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2157.205856][ T3815] </TASK> [ 2157.208892][ C1] vkms_vblank_simulate: vblank timer overrun [ 2157.699024][ T3827] dccp_invalid_packet: P.Data Offset(0) too small [ 2157.773313][T13464] Bluetooth: hci4: command tx timeout [ 2158.468802][ T3833] binder: 3832:3833 ioctl 4018620d 0 returned -22 [ 2158.572887][ T3837] netlink: 72 bytes leftover after parsing attributes in process `syz.0.7867'.
[ 2159.621347][ T973] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2159.775695][ T973] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2159.868412][ T973] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2159.879873][T28882] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2159.891223][T28882] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2159.901995][T28882] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2159.919476][T28882] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2159.942016][T28882] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 2159.943750][ T973] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2159.964743][T28882] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2160.098810][ T973] bridge_slave_1: left allmulticast mode [ 2160.105439][ T973] bridge_slave_1: left promiscuous mode [ 2160.111905][ T973] bridge0: port 2(bridge_slave_1) entered disabled state [ 2160.123880][ T973] bridge_slave_0: left allmulticast mode [ 2160.129535][ T973] bridge_slave_0: left promiscuous mode [ 2160.138559][ T973] bridge0: port 1(bridge_slave_0) entered disabled state [ 2160.576765][ T973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2160.590413][ T973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2160.601476][ T973] bond0 (unregistering): Released all slaves [ 2160.663742][ T1263] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.670134][ T1263] ieee802154 phy1 wpan1: encryption failed: -22 [ 2161.077864][ T3851] chnl_net:caif_netlink_parms(): no params data found [ 2161.311437][ T973] hsr_slave_0: left promiscuous mode [ 2161.331937][ T973] hsr_slave_1: left promiscuous mode [ 2161.358572][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2161.366325][ T973] 
batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2161.375905][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2161.385298][ T973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2161.426862][ T973] veth1_macvtap: left promiscuous mode [ 2161.432691][ T973] veth0_macvtap: left promiscuous mode [ 2161.445929][ T973] veth1_vlan: left promiscuous mode [ 2161.451261][ T973] veth0_vlan: left promiscuous mode [ 2161.783904][T13464] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2161.798442][T13464] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2161.808667][T13464] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2161.822234][T13464] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2161.842966][T13464] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 2161.843338][ T3876] binder: 3873:3876 ioctl 4018620d 0 returned -22 [ 2161.856788][T13464] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2162.013175][T13464] Bluetooth: hci4: command tx timeout [ 2162.340240][ T973] team0 (unregistering): Port device team_slave_1 removed [ 2162.394833][ T973] team0 (unregistering): Port device team_slave_0 removed [ 2163.080567][ T3888] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7880'. 
[ 2163.138599][ T3851] bridge0: port 1(bridge_slave_0) entered blocking state [ 2163.150390][ T3851] bridge0: port 1(bridge_slave_0) entered disabled state [ 2163.164894][ T3851] bridge_slave_0: entered allmulticast mode [ 2163.171627][ T3851] bridge_slave_0: entered promiscuous mode [ 2163.183860][ T3851] bridge0: port 2(bridge_slave_1) entered blocking state [ 2163.191469][ T3851] bridge0: port 2(bridge_slave_1) entered disabled state [ 2163.202625][ T3851] bridge_slave_1: entered allmulticast mode [ 2163.210142][ T3851] bridge_slave_1: entered promiscuous mode [ 2163.303683][ T3851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2163.384685][ T3851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2163.522209][ T3851] team0: Port device team_slave_0 added [ 2163.546506][ T3851] team0: Port device team_slave_1 added [ 2163.646410][ T3851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2163.661609][ T3851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2163.695499][ T3851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2163.720313][ T3851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2163.741197][ T3851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 2163.768444][ T3851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2163.806398][ T3878] chnl_net:caif_netlink_parms(): no params data found [ 2163.864249][ T973] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2163.919164][ T3851] hsr_slave_0: entered promiscuous mode [ 2163.932729][ T3851] hsr_slave_1: entered promiscuous mode [ 2163.938721][T13464] Bluetooth: hci0: command tx timeout [ 2163.946847][ T3851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2163.955447][ T3851] Cannot create hsr debugfs directory [ 2164.003473][ T973] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2164.019637][ T3878] bridge0: port 1(bridge_slave_0) entered blocking state [ 2164.028172][ T3878] bridge0: port 1(bridge_slave_0) entered disabled state [ 2164.035883][ T3878] bridge_slave_0: entered allmulticast mode [ 2164.042585][ T3878] bridge_slave_0: entered promiscuous mode [ 2164.070548][ T3878] bridge0: port 2(bridge_slave_1) entered blocking state [ 2164.081129][ T3878] bridge0: port 2(bridge_slave_1) entered disabled state [ 2164.088846][ T3878] bridge_slave_1: entered allmulticast mode [ 2164.098206][T13464] Bluetooth: hci4: command tx timeout [ 2164.105156][ T3878] bridge_slave_1: entered promiscuous mode [ 2164.130093][ T973] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2164.193607][ T3878] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2164.244492][ T973] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2164.271257][ T3878] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2164.364229][ T3878] team0: Port device team_slave_0 added [ 2164.389099][ T3878] team0: Port device team_slave_1 added [ 2164.463806][ T3878] batman_adv: batadv0: Adding interface: 
batadv_slave_0 [ 2164.474208][ T3878] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2164.502696][ T3878] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2164.548144][ T3878] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2164.565168][ T3878] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2164.620104][ T3878] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2164.742885][ T3878] hsr_slave_0: entered promiscuous mode [ 2164.755236][ T3878] hsr_slave_1: entered promiscuous mode [ 2164.761265][ T3878] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 2164.769760][ T3878] Cannot create hsr debugfs directory [ 2164.819063][ T973] bridge_slave_1: left allmulticast mode [ 2164.825450][ T973] bridge_slave_1: left promiscuous mode [ 2164.831422][ T973] bridge0: port 2(bridge_slave_1) entered disabled state [ 2164.841541][ T973] bridge_slave_0: left allmulticast mode [ 2164.848700][ T973] bridge_slave_0: left promiscuous mode [ 2164.855857][ T973] bridge0: port 1(bridge_slave_0) entered disabled state [ 2165.291437][ T973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2165.302374][ T973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2165.313544][ T973] bond0 (unregistering): Released all slaves [ 2165.684201][ T973] hsr_slave_0: left promiscuous mode [ 2165.690415][ T973] hsr_slave_1: left promiscuous mode [ 2165.703998][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2165.719024][ T973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2165.730783][ T973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2165.743291][ T973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2165.791001][ T973] veth1_macvtap: left promiscuous mode [ 2165.816874][ T973] veth0_macvtap: left promiscuous mode [ 2165.822535][ T973] veth1_vlan: left promiscuous mode [ 2165.860723][ T973] veth0_vlan: left promiscuous mode [ 2165.923764][ T3948] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7884'. [ 2165.966436][ T3948] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7884'. 
[ 2166.013239][T13464] Bluetooth: hci0: command tx timeout [ 2166.183521][T13464] Bluetooth: hci4: command tx timeout [ 2166.570023][ T3963] binder: 3962:3963 ioctl 4018620d 0 returned -22 [ 2166.777415][ T973] team0 (unregistering): Port device team_slave_1 removed [ 2166.847514][ T973] team0 (unregistering): Port device team_slave_0 removed [ 2167.496352][ T3970] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7892'. [ 2167.709207][ T3851] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2167.721136][ T3851] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2167.741923][ T3851] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2167.838149][ T3851] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2168.093790][T13464] Bluetooth: hci0: command tx timeout [ 2168.118185][ T3851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2168.138820][ T3851] 8021q: adding VLAN 0 to HW filter on device team0 [ 2168.168099][T29021] bridge0: port 1(bridge_slave_0) entered blocking state [ 2168.175321][T29021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2168.214604][T29021] bridge0: port 2(bridge_slave_1) entered blocking state [ 2168.221761][T29021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2168.263278][T13464] Bluetooth: hci4: command tx timeout [ 2168.315191][ T3851] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2168.393569][ T3851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2168.400671][ T3878] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2168.428842][ T3878] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2168.452542][ T3878] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2168.492369][ T3878] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2168.504100][ T3851] veth0_vlan: entered promiscuous mode [ 2168.519149][ T3851] veth1_vlan: entered promiscuous mode [ 2168.598498][ T3851] veth0_macvtap: entered promiscuous mode [ 
2168.617215][ T3851] veth1_macvtap: entered promiscuous mode [ 2168.666311][ T3851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2168.681509][ T3851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2168.693371][ T3851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2168.704190][ T3851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2168.717697][ T3851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2168.728628][ T3851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2168.740681][ T3851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2168.752139][ T3851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2168.764328][ T3851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2168.776081][ T3851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2168.790384][ T3851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2168.805223][ T3851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2168.819606][ T3851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2168.843554][ T3851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2168.865469][ T3851] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2168.877096][ T3851] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2168.888178][ T3851] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2168.897590][ T3851] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2168.912268][ T3878] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2168.987480][ T3878] 8021q: adding VLAN 0 to HW filter on device team0 [ 2169.026839][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 2169.034024][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2169.057602][T13103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2169.069590][ T973] bridge0: port 2(bridge_slave_1) entered blocking state [ 2169.076777][ T973] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2169.077039][T13103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2169.159976][ T973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2169.170872][ T3878] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2169.174398][ T973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2169.232936][ T3878] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2169.272085][ T4008] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7873'. 
[ 2169.300207][ T4008] bond_slave_0: entered promiscuous mode [ 2169.306002][ T4008] bond_slave_1: entered promiscuous mode [ 2169.315724][ T4008] macsec1: entered promiscuous mode [ 2169.323470][ T4008] bond0: entered promiscuous mode [ 2169.328844][ T4008] macsec1: entered allmulticast mode [ 2169.336516][ T4008] bond0: entered allmulticast mode [ 2169.341676][ T4008] bond_slave_0: entered allmulticast mode [ 2169.347681][ T4008] bond_slave_1: entered allmulticast mode [ 2169.356274][ T4008] bond0: left allmulticast mode [ 2169.361966][ T4008] bond_slave_0: left allmulticast mode [ 2169.367756][ T4008] bond_slave_1: left allmulticast mode [ 2169.373858][ T4008] bond0: left promiscuous mode [ 2169.379097][ T4008] bond_slave_0: left promiscuous mode [ 2169.384635][ T4008] bond_slave_1: left promiscuous mode [ 2169.478864][ T3878] veth0_vlan: entered promiscuous mode [ 2169.502260][ T3878] veth1_vlan: entered promiscuous mode [ 2169.574503][ T3878] veth0_macvtap: entered promiscuous mode [ 2169.589343][ T3878] veth1_macvtap: entered promiscuous mode [ 2169.642861][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2169.679294][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2169.704567][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2169.732675][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2169.732685][ T4025] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2169.754982][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2169.766308][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2169.777538][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2169.788553][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2169.801175][ T3878] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2169.803843][ T4025] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2169.842176][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2169.874263][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2169.891456][ T29] audit: type=1326 audit(1729051848.583:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4024 comm="syz.3.7897" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 2169.891759][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2169.925828][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2169.936589][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2169.947950][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2169.957969][ T3878] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2169.969267][ T3878] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2169.980809][ T3878] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2170.006614][ T3878] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2170.016749][ T3878] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2170.026748][ T3878] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2170.035716][ T3878] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2170.125656][ T973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2170.141305][ T973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2170.162476][T29021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2170.172724][T29021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2170.180350][T13464] Bluetooth: hci0: command tx timeout [ 2171.036058][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2171.137348][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2171.946022][ T4099] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7904'. [ 2171.963669][ T4099] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7904'. [ 2172.808370][ T4108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2172.817635][ T4108] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2175.881222][ T4121] bridge0: entered promiscuous mode [ 2175.888044][ T4121] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7911'. 
[ 2175.897566][ T4121] bridge_slave_1: left allmulticast mode [ 2175.903473][ T4121] bridge_slave_1: left promiscuous mode [ 2175.909321][ T4121] bridge0: port 2(bridge_slave_1) entered disabled state [ 2175.918840][ T4121] bridge_slave_0: left allmulticast mode [ 2175.924843][ T4121] bridge_slave_0: left promiscuous mode [ 2175.930514][ T4121] bridge0: port 1(bridge_slave_0) entered disabled state [ 2175.962010][ T4121] bridge0 (unregistering): left promiscuous mode [ 2176.110421][ T4127] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7914'. [ 2176.133215][ T4127] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7914'. [ 2176.216287][ T4136] x_tables: ip_tables: ah match: only valid for protocol 51 [ 2176.376625][ T4144] FAULT_INJECTION: forcing a failure. [ 2176.376625][ T4144] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2176.392067][ T4144] CPU: 1 UID: 0 PID: 4144 Comm: syz.3.7921 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2176.402788][ T4144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2176.412840][ T4144] Call Trace: [ 2176.416116][ T4144] <TASK> [ 2176.419037][ T4144] dump_stack_lvl+0x241/0x360 [ 2176.423736][ T4144] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2176.428972][ T4144] ? __pfx__printk+0x10/0x10 [ 2176.433595][ T4144] ? __pfx_lock_release+0x10/0x10 [ 2176.438662][ T4144] should_fail_ex+0x3b0/0x4e0 [ 2176.443377][ T4144] _copy_to_iter+0x1ed/0x1d60 [ 2176.448088][ T4144] ? __pfx__copy_to_iter+0x10/0x10 [ 2176.453212][ T4144] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 2176.459115][ T4144] get_random_bytes_user+0x1e5/0x420 [ 2176.464409][ T4144] ? __pfx_get_random_bytes_user+0x10/0x10 [ 2176.470253][ T4144] ? __pfx_vfs_write+0x10/0x10 [ 2176.475016][ T4144] ? __fget_files+0x3f3/0x470 [ 2176.479695][ T4144] __ia32_sys_getrandom+0x151/0x250 [ 2176.484896][ T4144] ? __pfx___ia32_sys_getrandom+0x10/0x10 [ 2176.490624][ T4144] ?
syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2176.497212][ T4144] ? lockdep_hardirqs_on+0x99/0x150 [ 2176.502410][ T4144] __do_fast_syscall_32+0xb4/0x110 [ 2176.507519][ T4144] ? exc_page_fault+0x590/0x8c0 [ 2176.512372][ T4144] do_fast_syscall_32+0x34/0x80 [ 2176.517222][ T4144] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2176.523548][ T4144] RIP: 0023:0xf7f54579 [ 2176.527612][ T4144] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2176.547216][ T4144] RSP: 002b:00000000f56d656c EFLAGS: 00000206 ORIG_RAX: 0000000000000163 [ 2176.555726][ T4144] RAX: ffffffffffffffda RBX: 0000000020000600 RCX: 00000000ffffff4f [ 2176.563696][ T4144] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2176.571662][ T4144] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2176.579634][ T4144] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2176.587606][ T4144] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2176.595587][ T4144] </TASK> [ 2176.659451][ T4148] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2176.669260][ T4148] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2176.689211][ T29] audit: type=1326 audit(1729051855.383:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4147 comm="syz.3.7922" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 2178.112633][ T4162] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7928'. [ 2178.125312][ T4162] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7928'. [ 2178.876864][ T4170] FAULT_INJECTION: forcing a failure.
[ 2178.876864][ T4170] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2178.890111][ T4170] CPU: 1 UID: 0 PID: 4170 Comm: syz.0.7932 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2178.900797][ T4170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2178.910861][ T4170] Call Trace: [ 2178.914141][ T4170] <TASK> [ 2178.917068][ T4170] dump_stack_lvl+0x241/0x360 [ 2178.921754][ T4170] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2178.926966][ T4170] ? __pfx__printk+0x10/0x10 [ 2178.931589][ T4170] ? __pfx_lock_release+0x10/0x10 [ 2178.936625][ T4170] should_fail_ex+0x3b0/0x4e0 [ 2178.941329][ T4170] _copy_from_iter+0x1ed/0x1d60 [ 2178.946204][ T4170] ? __virt_addr_valid+0x183/0x530 [ 2178.951331][ T4170] ? __pfx_lock_release+0x10/0x10 [ 2178.956366][ T4170] ? __alloc_skb+0x28f/0x440 [ 2178.960956][ T4170] ? __pfx__copy_from_iter+0x10/0x10 [ 2178.966260][ T4170] ? __virt_addr_valid+0x183/0x530 [ 2178.971376][ T4170] ? __virt_addr_valid+0x183/0x530 [ 2178.976482][ T4170] ? __virt_addr_valid+0x45f/0x530 [ 2178.981592][ T4170] ? __check_object_size+0x48e/0x900 [ 2178.986878][ T4170] netlink_sendmsg+0x73d/0xcb0 [ 2178.991653][ T4170] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2178.996941][ T4170] ? __pfx_lock_release+0x10/0x10 [ 2179.001967][ T4170] ? aa_sock_msg_perm+0x91/0x160 [ 2179.006903][ T4170] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2179.012184][ T4170] __sock_sendmsg+0x221/0x270 [ 2179.016874][ T4170] ____sys_sendmsg+0x52a/0x7e0 [ 2179.021644][ T4170] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2179.026934][ T4170] __sys_sendmsg+0x292/0x380 [ 2179.031522][ T4170] ? __pfx___sys_sendmsg+0x10/0x10 [ 2179.036642][ T4170] ? __pfx_vfs_write+0x10/0x10 [ 2179.041424][ T4170] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2179.048007][ T4170] ? lockdep_hardirqs_on+0x99/0x150 [ 2179.053209][ T4170] __do_fast_syscall_32+0xb4/0x110 [ 2179.058407][ T4170] ?
exc_page_fault+0x590/0x8c0 [ 2179.063263][ T4170] do_fast_syscall_32+0x34/0x80 [ 2179.068116][ T4170] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2179.074441][ T4170] RIP: 0023:0xf739d579 [ 2179.078504][ T4170] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2179.098125][ T4170] RSP: 002b:00000000f568656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2179.106542][ T4170] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200001c0 [ 2179.114520][ T4170] RDX: 000000000000c094 RSI: 0000000000000000 RDI: 0000000000000000 [ 2179.122494][ T4170] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2179.130468][ T4170] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2179.138433][ T4170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2179.146412][ T4170] [ 2179.212079][ T4172] tipc: New replicast peer: 255.255.255.255 [ 2179.226000][ T4172] tipc: Enabled bearer , priority 10 [ 2179.817960][ T4178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2179.837383][ T4178] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2179.869667][ T29] audit: type=1326 audit(1729051858.563:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4177 comm="syz.3.7944" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 2179.928831][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. 
[ 2180.243392][T12490] tipc: Node number set to 11521 [ 2182.467493][T28882] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2182.478424][T28882] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2182.487282][T28882] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2182.499378][T28882] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2182.509578][T28882] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 2182.517079][T28882] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2182.642822][ T4196] chnl_net:caif_netlink_parms(): no params data found [ 2182.698722][ T4196] bridge0: port 1(bridge_slave_0) entered blocking state [ 2182.706058][ T4196] bridge0: port 1(bridge_slave_0) entered disabled state [ 2182.713346][ T4196] bridge_slave_0: entered allmulticast mode [ 2182.720381][ T4196] bridge_slave_0: entered promiscuous mode [ 2182.729085][ T4196] bridge0: port 2(bridge_slave_1) entered blocking state [ 2182.736715][ T4196] bridge0: port 2(bridge_slave_1) entered disabled state [ 2182.744078][ T4196] bridge_slave_1: entered allmulticast mode [ 2182.750768][ T4196] bridge_slave_1: entered promiscuous mode [ 2182.774148][ T4196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2182.785299][ T4196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2182.817146][ T4196] team0: Port device team_slave_0 added [ 2182.826128][ T4196] team0: Port device team_slave_1 added [ 2182.862334][ T4196] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2182.869637][ T4196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 2182.896097][ T4196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2182.909403][ T4204] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7943'. [ 2182.921317][ T4196] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2182.928371][ T4196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2182.956922][ T4196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2182.975827][ T4204] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7943'. [ 2183.028247][ T4196] hsr_slave_0: entered promiscuous mode [ 2183.041441][ T4196] hsr_slave_1: entered promiscuous mode [ 2183.048515][ T4196] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2183.063174][ T4196] Cannot create hsr debugfs directory [ 2183.120899][ T4208] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7946'. [ 2183.132531][ T4208] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7946'. 
[ 2183.206683][ T4196] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2183.294963][ T4196] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2183.386633][ T4196] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2183.465502][ T4196] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2183.691375][ T4196] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2183.721588][ T4196] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2183.732200][ T4196] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2183.749157][ T4196] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2183.830711][ T4196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2183.860601][ T4196] 8021q: adding VLAN 0 to HW filter on device team0 [ 2183.879087][T13103] bridge0: port 1(bridge_slave_0) entered blocking state [ 2183.886324][T13103] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2183.932716][ T1396] bridge0: port 2(bridge_slave_1) entered blocking state [ 2183.939922][ T1396] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2184.087954][ T4196] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2184.119511][ T4196] veth0_vlan: entered promiscuous mode [ 2184.148242][ T4196] veth1_vlan: entered promiscuous mode [ 2184.179344][ T4196] veth0_macvtap: entered promiscuous mode [ 2184.198799][ T4196] veth1_macvtap: entered promiscuous mode [ 2184.264422][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2184.275423][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.285831][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2184.296563][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2184.306779][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2184.317756][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.327963][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2184.363368][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.381706][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2184.392729][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.415381][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2184.435953][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2184.448939][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.467191][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2184.479674][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.491591][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2184.502474][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.514107][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2184.525463][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2184.536136][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2184.548067][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 2184.563202][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2184.573430][T28882] Bluetooth: hci5: command tx timeout [ 2184.598268][ T4196] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2184.623584][ T4196] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2184.632392][ T4196] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2184.649617][ T4196] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2184.766771][T13103] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2184.767357][ T4232] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7955'. [ 2184.795243][T13103] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2184.828386][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2184.848185][ T4232] netlink: 24 bytes leftover after parsing attributes in process `syz.1.7955'. [ 2184.863269][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2185.037402][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2185.413590][ T4251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2185.431047][ T4251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2186.653175][T28882] Bluetooth: hci5: command tx timeout [ 2186.795702][ T4268] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7966'. [ 2186.844894][ T4268] netlink: 24 bytes leftover after parsing attributes in process `syz.4.7966'. [ 2186.871813][ T4271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2186.897722][ T4271] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2186.928613][ T4273] FAULT_INJECTION: forcing a failure. 
[ 2186.928613][ T4273] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2186.969833][ T4273] CPU: 0 UID: 0 PID: 4273 Comm: syz.4.7969 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2186.980569][ T4273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2186.990637][ T4273] Call Trace: [ 2186.993943][ T4273] [ 2186.996882][ T4273] dump_stack_lvl+0x241/0x360 [ 2187.001589][ T4273] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2187.006796][ T4273] ? __pfx__printk+0x10/0x10 [ 2187.011412][ T4273] ? __pfx_lock_release+0x10/0x10 [ 2187.016442][ T4273] should_fail_ex+0x3b0/0x4e0 [ 2187.021124][ T4273] _copy_from_user+0x2f/0xe0 [ 2187.025744][ T4273] get_compat_msghdr+0xae/0x730 [ 2187.030623][ T4273] ? __fget_files+0x29/0x470 [ 2187.035239][ T4273] ? __pfx_get_compat_msghdr+0x10/0x10 [ 2187.040732][ T4273] ? __fget_files+0x3f3/0x470 [ 2187.045447][ T4273] __sys_sendmsg+0x25d/0x380 [ 2187.050049][ T4273] ? __pfx___sys_sendmsg+0x10/0x10 [ 2187.055171][ T4273] ? __pfx_vfs_write+0x10/0x10 [ 2187.059969][ T4273] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2187.066595][ T4273] ? lockdep_hardirqs_on+0x99/0x150 [ 2187.071830][ T4273] __do_fast_syscall_32+0xb4/0x110 [ 2187.076980][ T4273] ? 
exc_page_fault+0x590/0x8c0 [ 2187.081935][ T4273] do_fast_syscall_32+0x34/0x80 [ 2187.086787][ T4273] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2187.093132][ T4273] RIP: 0023:0xf745d579 [ 2187.097225][ T4273] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2187.116861][ T4273] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2187.125291][ T4273] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000200004c0 [ 2187.133265][ T4273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2187.141239][ T4273] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2187.149213][ T4273] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2187.157224][ T4273] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2187.165248][ T4273] [ 2187.168290][ C0] vkms_vblank_simulate: vblank timer overrun [ 2187.186506][ T4271] bond0: entered promiscuous mode [ 2187.191692][ T4271] bond_slave_0: entered promiscuous mode [ 2187.229234][ T4271] bond_slave_1: entered promiscuous mode [ 2188.442008][ T4309] netlink: 78 bytes leftover after parsing attributes in process `syz.0.7978'. [ 2188.733491][T28882] Bluetooth: hci5: command tx timeout [ 2188.889176][ T4316] FAULT_INJECTION: forcing a failure. [ 2188.889176][ T4316] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2188.902749][ T4316] CPU: 1 UID: 0 PID: 4316 Comm: syz.1.7981 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2188.913553][ T4316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2188.923616][ T4316] Call Trace: [ 2188.926896][ T4316] [ 2188.929823][ T4316] dump_stack_lvl+0x241/0x360 [ 2188.934526][ T4316] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2188.939750][ T4316] ? __pfx__printk+0x10/0x10 [ 2188.944367][ T4316] ? 
__pfx_lock_release+0x10/0x10 [ 2188.949568][ T4316] should_fail_ex+0x3b0/0x4e0 [ 2188.954345][ T4316] _copy_from_iter+0x1ed/0x1d60 [ 2188.959387][ T4316] ? __virt_addr_valid+0x183/0x530 [ 2188.964509][ T4316] ? __pfx_lock_release+0x10/0x10 [ 2188.969562][ T4316] ? __alloc_skb+0x28f/0x440 [ 2188.974176][ T4316] ? __pfx__copy_from_iter+0x10/0x10 [ 2188.979472][ T4316] ? __virt_addr_valid+0x183/0x530 [ 2188.984585][ T4316] ? __virt_addr_valid+0x183/0x530 [ 2188.989701][ T4316] ? __virt_addr_valid+0x45f/0x530 [ 2188.994827][ T4316] ? __check_object_size+0x48e/0x900 [ 2189.000120][ T4316] netlink_sendmsg+0x73d/0xcb0 [ 2189.004898][ T4316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2189.010188][ T4316] ? __pfx_lock_release+0x10/0x10 [ 2189.015221][ T4316] ? aa_sock_msg_perm+0x91/0x160 [ 2189.020207][ T4316] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2189.025505][ T4316] __sock_sendmsg+0x221/0x270 [ 2189.030210][ T4316] ____sys_sendmsg+0x52a/0x7e0 [ 2189.035009][ T4316] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2189.040330][ T4316] __sys_sendmsg+0x292/0x380 [ 2189.044957][ T4316] ? __pfx___sys_sendmsg+0x10/0x10 [ 2189.050112][ T4316] ? __pfx_vfs_write+0x10/0x10 [ 2189.054950][ T4316] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2189.061562][ T4316] ? lockdep_hardirqs_on+0x99/0x150 [ 2189.066794][ T4316] __do_fast_syscall_32+0xb4/0x110 [ 2189.071925][ T4316] ? 
exc_page_fault+0x590/0x8c0 [ 2189.076818][ T4316] do_fast_syscall_32+0x34/0x80 [ 2189.081677][ T4316] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2189.088010][ T4316] RIP: 0023:0xf745d579 [ 2189.092086][ T4316] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2189.111788][ T4316] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2189.120400][ T4316] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000240 [ 2189.128406][ T4316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2189.136409][ T4316] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2189.144402][ T4316] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2189.152392][ T4316] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2189.160415][ T4316] [ 2190.093165][ T4301] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 2190.093417][T28882] Bluetooth: hci1: command 0x0c1a tx timeout [ 2190.109513][ T4301] Bluetooth: hci1: Opcode 0x0406 failed: -110 [ 2190.813319][T28882] Bluetooth: hci5: command tx timeout [ 2191.012069][ T4301] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 2191.020880][ T4301] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2191.027717][ T4301] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 2191.035068][ T4301] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 2191.043530][ T4301] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2191.049708][ T4301] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 2191.056666][ T4301] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 2191.064949][ T4301] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 2191.072387][ T4301] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 2191.080053][ T4301] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 2191.205742][ T4324] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2191.225557][ 
T4324] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2191.248121][ T4326] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 2191.260977][ T4326] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 2191.270025][ T4326] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 2191.279357][ T4326] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 2191.288701][ T4326] geneve2: entered promiscuous mode [ 2191.292890][ T4328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2191.299105][ T4326] geneve2: entered allmulticast mode [ 2191.320523][ T4326] netdevsim netdevsim0 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 2191.320586][ T4328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2191.360341][ T4326] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 2191.370242][ T4326] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 2191.380293][ T4326] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 2191.392437][ T4332] FAULT_INJECTION: forcing a failure. [ 2191.392437][ T4332] name failslab, interval 1, probability 0, space 0, times 0 [ 2191.412842][ T4332] CPU: 1 UID: 0 PID: 4332 Comm: syz.4.7987 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2191.423685][ T4332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2191.433789][ T4332] Call Trace: [ 2191.437071][ T4332] [ 2191.439992][ T4332] dump_stack_lvl+0x241/0x360 [ 2191.444677][ T4332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2191.449881][ T4332] ? __pfx__printk+0x10/0x10 [ 2191.454475][ T4332] ? __pfx_lock_acquire+0x10/0x10 [ 2191.459502][ T4332] should_fail_ex+0x3b0/0x4e0 [ 2191.464200][ T4332] ? ahash_def_finup+0x102/0x850 [ 2191.469165][ T4332] should_failslab+0xac/0x100 [ 2191.473849][ T4332] ? 
ahash_def_finup+0x102/0x850 [ 2191.478792][ T4332] __kmalloc_noprof+0xd8/0x400 [ 2191.483575][ T4332] ? __pfx_shash_ahash_update+0x10/0x10 [ 2191.489146][ T4332] ahash_def_finup+0x102/0x850 [ 2191.493918][ T4332] gcm_hash_crypt_continue+0x338/0x770 [ 2191.499379][ T4332] tls_push_record+0x19a7/0x3790 [ 2191.504366][ T4332] bpf_exec_tx_verdict+0xb7b/0x1260 [ 2191.509766][ T4332] ? get_user_pages_fast+0xcc/0x160 [ 2191.514973][ T4332] ? __pfx_get_user_pages_fast+0x10/0x10 [ 2191.520632][ T4332] ? __pfx_bpf_exec_tx_verdict+0x10/0x10 [ 2191.526379][ T4332] ? sk_msg_alloc+0xab1/0xb60 [ 2191.531064][ T4332] ? __phys_addr+0xba/0x170 [ 2191.535579][ T4332] tls_sw_sendmsg+0x1d2f/0x28c0 [ 2191.540456][ T4332] ? __pfx_tls_sw_sendmsg+0x10/0x10 [ 2191.545660][ T4332] ? aa_sk_perm+0x96d/0xab0 [ 2191.550169][ T4332] ? sock_rps_record_flow+0x1a/0x400 [ 2191.555493][ T4332] ? inet_send_prepare+0x21/0x260 [ 2191.560552][ T4332] ? inet_send_prepare+0x5a/0x260 [ 2191.565592][ T4332] __sock_sendmsg+0xef/0x270 [ 2191.570217][ T4332] sock_write_iter+0x2d7/0x3f0 [ 2191.574987][ T4332] ? __pfx_sock_write_iter+0x10/0x10 [ 2191.580287][ T4332] do_iter_readv_writev+0x600/0x880 [ 2191.585492][ T4332] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 2191.591217][ T4332] ? bpf_lsm_file_permission+0x9/0x10 [ 2191.596597][ T4332] ? security_file_permission+0x74/0x280 [ 2191.602228][ T4332] ? rw_verify_area+0x1c3/0x6f0 [ 2191.607087][ T4332] vfs_writev+0x376/0xba0 [ 2191.611426][ T4332] ? __pfx_vfs_writev+0x10/0x10 [ 2191.616326][ T4332] ? fdget_pos+0x19a/0x320 [ 2191.620771][ T4332] do_writev+0x1b1/0x350 [ 2191.625048][ T4332] ? __pfx_do_writev+0x10/0x10 [ 2191.629832][ T4332] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2191.636440][ T4332] ? lockdep_hardirqs_on+0x99/0x150 [ 2191.641640][ T4332] __do_fast_syscall_32+0xb4/0x110 [ 2191.646977][ T4332] ? 
exc_page_fault+0x590/0x8c0 [ 2191.651834][ T4332] do_fast_syscall_32+0x34/0x80 [ 2191.656720][ T4332] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2191.663061][ T4332] RIP: 0023:0xf745d579 [ 2191.667141][ T4332] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2191.686837][ T4332] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000092 [ 2191.695443][ T4332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000180 [ 2191.703448][ T4332] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000 [ 2191.711443][ T4332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2191.719416][ T4332] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2191.727476][ T4332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2191.735545][ T4332] [ 2191.813190][ T4334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2191.822344][ T4334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2191.852673][ T4337] FAULT_INJECTION: forcing a failure. [ 2191.852673][ T4337] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2191.871398][ T4337] CPU: 1 UID: 0 PID: 4337 Comm: syz.0.7989 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2191.882127][ T4337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2191.892190][ T4337] Call Trace: [ 2191.895472][ T4337] [ 2191.898406][ T4337] dump_stack_lvl+0x241/0x360 [ 2191.903106][ T4337] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2191.908346][ T4337] ? __pfx__printk+0x10/0x10 [ 2191.912973][ T4337] ? __pfx_lock_release+0x10/0x10 [ 2191.918043][ T4337] should_fail_ex+0x3b0/0x4e0 [ 2191.922748][ T4337] _copy_from_iter+0x1ed/0x1d60 [ 2191.927619][ T4337] ? __virt_addr_valid+0x183/0x530 [ 2191.932755][ T4337] ? 
__pfx_lock_release+0x10/0x10 [ 2191.937805][ T4337] ? __alloc_skb+0x28f/0x440 [ 2191.942407][ T4337] ? __pfx__copy_from_iter+0x10/0x10 [ 2191.947819][ T4337] ? __virt_addr_valid+0x183/0x530 [ 2191.952963][ T4337] ? __virt_addr_valid+0x183/0x530 [ 2191.958103][ T4337] ? __virt_addr_valid+0x45f/0x530 [ 2191.963243][ T4337] ? __check_object_size+0x48e/0x900 [ 2191.968572][ T4337] netlink_sendmsg+0x73d/0xcb0 [ 2191.973375][ T4337] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2191.978684][ T4337] ? __pfx_lock_release+0x10/0x10 [ 2191.983735][ T4337] ? aa_sock_msg_perm+0x91/0x160 [ 2191.988709][ T4337] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2191.994093][ T4337] __sock_sendmsg+0x221/0x270 [ 2191.998792][ T4337] ____sys_sendmsg+0x52a/0x7e0 [ 2192.003564][ T4337] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2192.008867][ T4337] __sys_sendmsg+0x292/0x380 [ 2192.013463][ T4337] ? __pfx___sys_sendmsg+0x10/0x10 [ 2192.018590][ T4337] ? __pfx_vfs_write+0x10/0x10 [ 2192.023391][ T4337] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2192.029988][ T4337] ? lockdep_hardirqs_on+0x99/0x150 [ 2192.035268][ T4337] __do_fast_syscall_32+0xb4/0x110 [ 2192.040380][ T4337] ? 
exc_page_fault+0x590/0x8c0 [ 2192.045236][ T4337] do_fast_syscall_32+0x34/0x80 [ 2192.050098][ T4337] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2192.056430][ T4337] RIP: 0023:0xf739d579 [ 2192.060493][ T4337] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2192.080108][ T4337] RSP: 002b:00000000f568656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2192.088536][ T4337] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200002c0 [ 2192.096515][ T4337] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2192.104488][ T4337] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2192.112465][ T4337] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2192.120448][ T4337] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2192.128431][ T4337] [ 2192.183551][T28882] Bluetooth: hci1: command 0x0c1a tx timeout [ 2193.063164][T28882] Bluetooth: hci0: command 0x0c1a tx timeout [ 2193.069271][T13464] Bluetooth: hci4: command 0x0c1a tx timeout [ 2193.134053][T13464] Bluetooth: hci5: command 0x0c1a tx timeout [ 2193.145217][ T4350] FAULT_INJECTION: forcing a failure. [ 2193.145217][ T4350] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2193.167026][ T4350] CPU: 1 UID: 0 PID: 4350 Comm: syz.0.7993 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2193.177761][ T4350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2193.187836][ T4350] Call Trace: [ 2193.191151][ T4350] [ 2193.194110][ T4350] dump_stack_lvl+0x241/0x360 [ 2193.198804][ T4350] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2193.204001][ T4350] ? __pfx__printk+0x10/0x10 [ 2193.208585][ T4350] ? 
snprintf+0xda/0x120 [ 2193.212847][ T4350] should_fail_ex+0x3b0/0x4e0 [ 2193.217531][ T4350] _copy_to_user+0x2f/0xb0 [ 2193.221943][ T4350] simple_read_from_buffer+0xca/0x150 [ 2193.227369][ T4350] proc_fail_nth_read+0x1e9/0x250 [ 2193.232400][ T4350] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2193.237951][ T4350] ? rw_verify_area+0x55e/0x6f0 [ 2193.242798][ T4350] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2193.248350][ T4350] vfs_read+0x201/0xbc0 [ 2193.252506][ T4350] ? __pfx_lock_release+0x10/0x10 [ 2193.257543][ T4350] ? __pfx_vfs_read+0x10/0x10 [ 2193.262241][ T4350] ? __fget_files+0x3f3/0x470 [ 2193.266926][ T4350] ? fdget_pos+0x24e/0x320 [ 2193.271366][ T4350] ksys_read+0x183/0x2b0 [ 2193.275603][ T4350] ? __pfx_ksys_read+0x10/0x10 [ 2193.280360][ T4350] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2193.286938][ T4350] ? lockdep_hardirqs_on+0x99/0x150 [ 2193.292129][ T4350] __do_fast_syscall_32+0xb4/0x110 [ 2193.297239][ T4350] ? exc_page_fault+0x590/0x8c0 [ 2193.302094][ T4350] do_fast_syscall_32+0x34/0x80 [ 2193.306938][ T4350] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2193.313257][ T4350] RIP: 0023:0xf739d579 [ 2193.317318][ T4350] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2193.336918][ T4350] RSP: 002b:00000000f56865a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2193.345357][ T4350] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5686620 [ 2193.353346][ T4350] RDX: 000000000000000f RSI: 00000000f738bff4 RDI: 0000000000000000 [ 2193.361309][ T4350] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 2193.369293][ T4350] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2193.377305][ T4350] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2193.385470][ T4350] [ 2193.459178][ T4354] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) 
[ 2193.465721][ T4354] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 2193.477592][ T4354] vhci_hcd vhci_hcd.0: Device attached [ 2193.700746][ T4355] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0 [ 2193.713381][T13103] vhci_hcd: stop threads [ 2193.723749][T13103] vhci_hcd: release socket [ 2193.731029][T13103] vhci_hcd: disconnect device [ 2195.133396][T28882] Bluetooth: hci0: command 0x0c1a tx timeout [ 2195.133384][T13464] Bluetooth: hci4: command 0x0c1a tx timeout [ 2195.216630][T13464] Bluetooth: hci5: command 0x0c1a tx timeout [ 2195.533341][T13464] Bluetooth: hci1: command 0x0c1a tx timeout [ 2195.540010][ T4352] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 2196.421370][ T4352] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2196.428741][ T4352] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2196.437308][ T4352] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 2196.458323][ T4368] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2196.476516][ T4368] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2196.561482][ T4375] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2196.570369][ T4375] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2196.592693][ T29] audit: type=1326 audit(1729051875.283:1277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4374 comm="syz.3.8001" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f54579 code=0x0 [ 2197.044906][ T4379] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2197.055774][ T4379] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2197.072699][ T4379] netlink: 'syz.4.8002': attribute type 1 has an invalid length. [ 2197.494419][ T4385] FAULT_INJECTION: forcing a failure. 
[ 2197.494419][ T4385] name failslab, interval 1, probability 0, space 0, times 0 [ 2197.521612][ T4385] CPU: 1 UID: 0 PID: 4385 Comm: syz.0.8004 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2197.532354][ T4385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2197.542416][ T4385] Call Trace: [ 2197.545710][ T4385] [ 2197.548672][ T4385] dump_stack_lvl+0x241/0x360 [ 2197.553389][ T4385] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2197.558593][ T4385] ? __pfx__printk+0x10/0x10 [ 2197.563188][ T4385] ? fs_reclaim_acquire+0x93/0x130 [ 2197.568308][ T4385] ? __pfx___might_resched+0x10/0x10 [ 2197.573602][ T4385] should_fail_ex+0x3b0/0x4e0 [ 2197.578291][ T4385] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 2197.584018][ T4385] should_failslab+0xac/0x100 [ 2197.588697][ T4385] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 2197.594415][ T4385] __kmalloc_noprof+0xd8/0x400 [ 2197.599185][ T4385] tomoyo_realpath_from_path+0xcf/0x5e0 [ 2197.604752][ T4385] tomoyo_path_number_perm+0x23a/0x880 [ 2197.610215][ T4385] ? tomoyo_path_number_perm+0x208/0x880 [ 2197.615850][ T4385] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2197.621837][ T4385] ? __pfx_lock_acquire+0x10/0x10 [ 2197.626905][ T4385] ? __fget_files+0x29/0x470 [ 2197.631499][ T4385] ? __fget_files+0x3f3/0x470 [ 2197.636180][ T4385] security_file_ioctl_compat+0xc6/0x2a0 [ 2197.641813][ T4385] __se_compat_sys_ioctl+0xd6/0xc90 [ 2197.647014][ T4385] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 2197.652826][ T4385] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2197.658817][ T4385] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2197.665177][ T4385] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2197.671764][ T4385] ? lockdep_hardirqs_on+0x99/0x150 [ 2197.676964][ T4385] __do_fast_syscall_32+0xb4/0x110 [ 2197.682077][ T4385] ? 
exc_page_fault+0x590/0x8c0 [ 2197.686963][ T4385] do_fast_syscall_32+0x34/0x80 [ 2197.691810][ T4385] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2197.698150][ T4385] RIP: 0023:0xf739d579 [ 2197.702216][ T4385] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2197.721823][ T4385] RSP: 002b:00000000f568656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 2197.730240][ T4385] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0f8565c [ 2197.738213][ T4385] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 0000000000000000 [ 2197.746179][ T4385] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2197.754154][ T4385] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2197.762126][ T4385] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2197.770117][ T4385] [ 2197.803633][ T4385] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2197.805420][T13464] Bluetooth: hci4: command 0x0c1a tx timeout [ 2198.059762][ T4390] netlink: 'syz.0.8006': attribute type 10 has an invalid length. [ 2198.072258][ T4390] hsr0: entered promiscuous mode [ 2198.081154][ T4390] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 2198.095327][ T4390] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 2198.106991][ T4390] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 2198.123249][ T4390] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 2198.139106][ T4395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2198.157925][ T4394] netlink: 'syz.0.8006': attribute type 8 has an invalid length. 
[ 2198.179470][ T4395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2198.210128][ T4390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8006'. [ 2198.252942][ T4399] FAULT_INJECTION: forcing a failure. [ 2198.252942][ T4399] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2198.271189][ T4399] CPU: 1 UID: 0 PID: 4399 Comm: syz.0.8008 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2198.281915][ T4399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2198.291971][ T4399] Call Trace: [ 2198.295255][ T4399] [ 2198.298202][ T4399] dump_stack_lvl+0x241/0x360 [ 2198.302898][ T4399] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2198.308126][ T4399] ? __pfx__printk+0x10/0x10 [ 2198.312744][ T4399] ? __pfx_lock_release+0x10/0x10 [ 2198.317839][ T4399] should_fail_ex+0x3b0/0x4e0 [ 2198.322542][ T4399] _copy_from_iter+0x1ed/0x1d60 [ 2198.327404][ T4399] ? __virt_addr_valid+0x183/0x530 [ 2198.332530][ T4399] ? __pfx_lock_release+0x10/0x10 [ 2198.337583][ T4399] ? __alloc_skb+0x28f/0x440 [ 2198.342198][ T4399] ? __pfx__copy_from_iter+0x10/0x10 [ 2198.347513][ T4399] ? __virt_addr_valid+0x183/0x530 [ 2198.352632][ T4399] ? __virt_addr_valid+0x183/0x530 [ 2198.357734][ T4399] ? __virt_addr_valid+0x45f/0x530 [ 2198.362839][ T4399] ? __check_object_size+0x48e/0x900 [ 2198.368123][ T4399] netlink_sendmsg+0x73d/0xcb0 [ 2198.372888][ T4399] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2198.378250][ T4399] ? __pfx_lock_release+0x10/0x10 [ 2198.383294][ T4399] ? aa_sock_msg_perm+0x91/0x160 [ 2198.388226][ T4399] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2198.393499][ T4399] __sock_sendmsg+0x221/0x270 [ 2198.398179][ T4399] ____sys_sendmsg+0x52a/0x7e0 [ 2198.402954][ T4399] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2198.408244][ T4399] __sys_sendmsg+0x292/0x380 [ 2198.412827][ T4399] ? __pfx___sys_sendmsg+0x10/0x10 [ 2198.417945][ T4399] ? __pfx_vfs_write+0x10/0x10 [ 2198.422720][ T4399] ? 
syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2198.429298][ T4399] ? lockdep_hardirqs_on+0x99/0x150 [ 2198.434491][ T4399] __do_fast_syscall_32+0xb4/0x110 [ 2198.439599][ T4399] ? exc_page_fault+0x590/0x8c0 [ 2198.444466][ T4399] do_fast_syscall_32+0x34/0x80 [ 2198.449304][ T4399] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2198.455625][ T4399] RIP: 0023:0xf739d579 [ 2198.459680][ T4399] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2198.479284][ T4399] RSP: 002b:00000000f568656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2198.487693][ T4399] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000100 [ 2198.495654][ T4399] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2198.503615][ T4399] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2198.511572][ T4399] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2198.519532][ T4399] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2198.527519][ T4399] [ 2198.541722][T13464] Bluetooth: hci5: command 0x0c1a tx timeout [ 2198.542899][T28882] Bluetooth: hci0: command 0x0c1a tx timeout [ 2198.857465][ T4414] netlink: 72 bytes leftover after parsing attributes in process `syz.1.8012'. [ 2199.058069][ T30] INFO: task kworker/0:4:20793 blocked for more than 143 seconds. [ 2199.070294][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2199.078184][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. 
[ 2199.090251][ T30] task:kworker/0:4 state:D stack:20752 pid:20793 tgid:20793 ppid:2 flags:0x00004000 [ 2199.100688][ T30] Workqueue: usb_hub_wq hub_event SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2199.105840][ T30] Call Trace: [ 2199.109138][ T30] [ 2199.112329][ T30] __schedule+0x1895/0x4b30 [ 2199.117255][ T30] ? __pfx___schedule+0x10/0x10 [ 2199.127271][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2199.139700][ T30] ? __pfx_lock_release+0x10/0x10 [ 2199.153107][ T30] ? kick_pool+0x1bd/0x620 [ 2199.161485][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 2199.176837][ T30] ? lockdep_hardirqs_on+0x99/0x150 [ 2199.189732][ T30] ? schedule+0x90/0x320 [ 2199.206282][ T30] schedule+0x14b/0x320 [ 2199.225140][ T30] schedule_preempt_disabled+0x13/0x30 [ 2199.253554][ T30] __mutex_lock+0x6a7/0xd70 [ 2199.283090][ T30] ? __mutex_lock+0x52a/0xd70 [ 2199.317528][ T30] ? adu_disconnect+0xca/0x2b0 [ 2199.339725][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 2199.362886][ T30] ? usb_hcd_flush_endpoint+0x3d1/0x3f0 [ 2199.375400][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2199.405331][ T30] adu_disconnect+0xca/0x2b0 [ 2199.409971][ T30] usb_unbind_interface+0x25e/0x940 [ 2199.444259][ T30] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 2199.450063][ T30] ? __pfx_usb_unbind_interface+0x10/0x10 [ 2199.483300][ T30] device_release_driver_internal+0x503/0x7c0 [ 2199.490403][ T30] bus_remove_device+0x34f/0x420 [ 2199.516497][ T30] device_del+0x57a/0x9b0 [ 2199.520919][ T30] ? kobject_put+0x272/0x480 [ 2199.525632][ T30] ? __pfx_device_del+0x10/0x10 [ 2199.530483][ T30] ? kobject_put+0x44d/0x480 [ 2199.538062][ T30] usb_disable_device+0x3bf/0x850 [ 2199.543218][ T30] usb_disconnect+0x340/0x950 [ 2199.548029][ T30] hub_event+0x1ebc/0x5150 [ 2199.552591][ T30] ? debug_object_deactivate+0x2d5/0x390 [ 2199.558374][ T30] ? __pfx_hub_event+0x10/0x10 [ 2199.563249][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 2199.568323][ T30] ? 
lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2199.574468][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2199.580840][ T30] ? process_scheduled_works+0x976/0x1850 [ 2199.586662][ T30] process_scheduled_works+0xa63/0x1850 [ 2199.592845][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 2199.599544][ T30] ? assign_work+0x364/0x3d0 [ 2199.604282][ T30] worker_thread+0x870/0xd30 [ 2199.608907][ T30] ? __kthread_parkme+0x169/0x1d0 [ 2199.614039][ T30] ? __pfx_worker_thread+0x10/0x10 [ 2199.619173][ T30] kthread+0x2f0/0x390 [ 2199.623344][ T30] ? __pfx_worker_thread+0x10/0x10 [ 2199.628486][ T30] ? __pfx_kthread+0x10/0x10 [ 2199.633172][ T30] ret_from_fork+0x4b/0x80 [ 2199.637619][ T30] ? __pfx_kthread+0x10/0x10 [ 2199.642225][ T30] ret_from_fork_asm+0x1a/0x30 [ 2199.647189][ T30] [ 2199.650267][ T30] INFO: task kworker/0:1:32136 blocked for more than 143 seconds. [ 2199.658376][ T30] Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2199.666107][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2199.674896][ T30] task:kworker/0:1 state:D stack:20792 pid:32136 tgid:32136 ppid:2 flags:0x00004000 [ 2199.685205][ T30] Workqueue: usb_hub_wq hub_event [ 2199.690274][ T30] Call Trace: [ 2199.694231][ T30] [ 2199.697202][ T30] __schedule+0x1895/0x4b30 [ 2199.701766][ T30] ? __pfx___schedule+0x10/0x10 [ 2199.707571][ T30] ? __pfx_lock_release+0x10/0x10 [ 2199.712687][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 2199.718786][ T30] ? schedule+0x90/0x320 [ 2199.723125][ T30] schedule+0x14b/0x320 [ 2199.727320][ T30] schedule_preempt_disabled+0x13/0x30 [ 2199.732821][ T30] __mutex_lock+0x6a7/0xd70 [ 2199.737423][ T30] ? __mutex_lock+0x52a/0xd70 [ 2199.742127][ T30] ? adu_disconnect+0xca/0x2b0 [ 2199.747038][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 2199.752098][ T30] ? usb_hcd_flush_endpoint+0x3d1/0x3f0 [ 2199.757775][ T30] ? 
_raw_spin_unlock_irqrestore+0xdd/0x140 [ 2199.763791][ T30] adu_disconnect+0xca/0x2b0 [ 2199.768434][ T30] usb_unbind_interface+0x25e/0x940 [ 2199.773755][ T30] ? kernfs_remove_by_name_ns+0x11b/0x160 [ 2199.779514][ T30] ? __pfx_usb_unbind_interface+0x10/0x10 [ 2199.785377][ T30] device_release_driver_internal+0x503/0x7c0 [ 2199.791494][ T30] bus_remove_device+0x34f/0x420 [ 2199.797174][ T30] device_del+0x57a/0x9b0 [ 2199.801556][ T30] ? kobject_put+0x272/0x480 [ 2199.806927][ T30] ? __pfx_device_del+0x10/0x10 [ 2199.811821][ T30] ? kobject_put+0x44d/0x480 [ 2199.816534][ T30] usb_disable_device+0x3bf/0x850 [ 2199.821604][ T30] usb_disconnect+0x340/0x950 [ 2199.826416][ T30] hub_event+0x1ebc/0x5150 [ 2199.830889][ T30] ? debug_object_deactivate+0x2d5/0x390 [ 2199.836644][ T30] ? __pfx_hub_event+0x10/0x10 [ 2199.841450][ T30] ? __pfx_lock_acquire+0x10/0x10 [ 2199.846605][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2199.852637][ T30] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2199.859319][ T30] ? process_scheduled_works+0x976/0x1850 [ 2199.865147][ T30] process_scheduled_works+0xa63/0x1850 [ 2199.870764][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 2199.876836][ T30] ? assign_work+0x364/0x3d0 [ 2199.881449][ T30] worker_thread+0x870/0xd30 [ 2199.886143][ T30] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2199.892065][ T30] ? __kthread_parkme+0x169/0x1d0 [ 2199.897230][ T30] ? __pfx_worker_thread+0x10/0x10 [ 2199.903364][ T30] kthread+0x2f0/0x390 [ 2199.907480][ T30] ? __pfx_worker_thread+0x10/0x10 [ 2199.912618][ T30] ? __pfx_kthread+0x10/0x10 [ 2199.917280][ T30] ret_from_fork+0x4b/0x80 [ 2199.921764][ T30] ? 
__pfx_kthread+0x10/0x10 [ 2199.926581][ T30] ret_from_fork_asm+0x1a/0x30 [ 2199.931401][ T30] [ 2199.935403][ T30] [ 2199.935403][ T30] Showing all locks held in the system: [ 2199.943317][ T30] 2 locks held by kworker/u8:0/11: [ 2199.948471][ T30] 1 lock held by khungtaskd/30: [ 2199.953435][ T30] #0: ffffffff8e937de0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 2199.973222][ T30] 2 locks held by getty/4988: [ 2199.977959][ T30] #0: ffff88814bdf40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 2199.987985][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 2199.998251][ T30] 6 locks held by kworker/0:4/20793: [ 2200.004207][ T30] #0: ffff888020ea3148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 2200.016511][ T30] #1: ffffc900051dfd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 2200.028803][ T30] #2: ffff888028032190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 2200.037943][ T30] #3: ffff8880735a2190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 [ 2200.047380][ T30] #4: ffff888024fa0160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 2200.058140][ T30] #5: ffffffff8f6861c8 (adutux_mutex){+.+.}-{3:3}, at: adu_disconnect+0xca/0x2b0 [ 2200.067563][ T30] 3 locks held by kworker/1:1/30256: [ 2200.072849][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 2200.084087][ T30] #1: ffffc9000312fd00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 2200.094807][ T30] #2: ffffffff8e93d378 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830 [ 2200.106544][ T30] 6 locks held by kworker/0:1/32136: [ 2200.111858][ T30] #0: ffff888020ea3148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 2200.124148][ T30] #1: 
ffffc9000347fd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 2200.143370][ T30] #2: ffff888145b2a190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 2200.152350][ T30] #3: ffff888051f29190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 [ 2200.163325][ T30] #4: ffff88804d735160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 2200.175184][ T30] #5: ffffffff8f6861c8 (adutux_mutex){+.+.}-{3:3}, at: adu_disconnect+0xca/0x2b0 [ 2200.193193][ T30] 3 locks held by kworker/u8:6/1396: [ 2200.198519][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 2200.213763][ T30] #1: ffffc9000349fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 2200.233125][ T30] #2: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 2200.242201][ T30] 1 lock held by syz.3.7291/1424: [ 2200.253196][ T30] #0: ffffffff8f6861c8 (adutux_mutex){+.+.}-{3:3}, at: adu_release+0xbf/0x870 [ 2200.262261][ T30] 6 locks held by kworker/0:8/2692: [ 2200.271932][ T30] #0: ffff888020ea3148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 2200.283485][ T30] #1: ffffc900036afd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 2200.295965][ T30] #2: ffff888145b42190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150 [ 2200.305083][ T30] #3: ffff88807247e190 (&dev->mutex){....}-{3:3}, at: usb_disconnect+0x103/0x950 [ 2200.315070][ T30] #4: ffff888069659160 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xce/0x7c0 [ 2200.326363][ T30] #5: ffffffff8f6861c8 (adutux_mutex){+.+.}-{3:3}, at: adu_disconnect+0xca/0x2b0 [ 2200.336358][ T30] 3 locks held by kworker/0:9/2924: [ 2200.342069][ T30] 1 lock held by syz-executor/3851: [ 2200.347368][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 
2200.356468][ T30] 1 lock held by syz-executor/3878: [ 2200.361684][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 2200.370779][ T30] 1 lock held by syz.4.7903/4096: [ 2200.375901][ T30] #0: ffff888145b42190 (&dev->mutex){....}-{3:3}, at: usbdev_open+0x156/0x770 [ 2200.385017][ T30] 1 lock held by syz.4.8007/4402: [ 2200.390055][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 2200.399162][ T30] 1 lock held by syz.1.8013/4415: [ 2200.404242][ T30] #0: ffffffff8fcd2b88 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 2200.413959][ T30] [ 2200.416885][ T30] ============================================= [ 2200.416885][ T30] [ 2200.425478][ T30] NMI backtrace for cpu 0 [ 2200.429821][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2200.440330][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2200.450384][ T30] Call Trace: [ 2200.453657][ T30] [ 2200.456590][ T30] dump_stack_lvl+0x241/0x360 [ 2200.461264][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2200.466458][ T30] ? __pfx__printk+0x10/0x10 [ 2200.471047][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 2200.475984][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2200.481441][ T30] ? _printk+0xd5/0x120 [ 2200.485596][ T30] ? __pfx__printk+0x10/0x10 [ 2200.490179][ T30] ? __wake_up_klogd+0xcc/0x110 [ 2200.495026][ T30] ? __pfx__printk+0x10/0x10 [ 2200.499618][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 2200.504642][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2200.510622][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 2200.516608][ T30] watchdog+0xff4/0x1040 [ 2200.520855][ T30] ? watchdog+0x1ea/0x1040 [ 2200.525290][ T30] ? __pfx_watchdog+0x10/0x10 [ 2200.529972][ T30] kthread+0x2f0/0x390 [ 2200.534037][ T30] ? __pfx_watchdog+0x10/0x10 [ 2200.538724][ T30] ? __pfx_kthread+0x10/0x10 [ 2200.543307][ T30] ret_from_fork+0x4b/0x80 [ 2200.547730][ T30] ? 
__pfx_kthread+0x10/0x10 [ 2200.552314][ T30] ret_from_fork_asm+0x1a/0x30 [ 2200.557085][ T30] [ 2200.560893][ T30] Sending NMI from CPU 0 to CPUs 1: [ 2200.566793][ C1] NMI backtrace for cpu 1 [ 2200.566807][ C1] CPU: 1 UID: 0 PID: 29021 Comm: kworker/u8:1 Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2200.566827][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2200.566838][ C1] Workqueue: bat_events batadv_nc_worker [ 2200.566864][ C1] RIP: 0010:rcu_is_watching+0x5a/0xb0 [ 2200.566884][ C1] Code: f0 48 c1 e8 03 42 80 3c 38 00 74 08 4c 89 f7 e8 3c c4 83 00 48 c7 c3 98 7e 03 00 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 <84> c0 75 22 8b 03 65 ff 0d 51 01 89 7e 74 10 83 e0 04 c1 e8 02 5b [ 2200.566898][ C1] RSP: 0018:ffffc900035d7b38 EFLAGS: 00000a02 [ 2200.566912][ C1] RAX: 0000000000000000 RBX: ffff8880b8737e98 RCX: ffff8880292cbc00 [ 2200.566925][ C1] RDX: ffff8880292cbc00 RSI: ffffffff8c6100c0 RDI: ffffffff8c610080 [ 2200.566937][ C1] RBP: ffff888065768480 R08: ffffffff8b901ba1 R09: 1ffffffff2859300 [ 2200.566950][ C1] R10: dffffc0000000000 R11: fffffbfff2859301 R12: ffff88805cde0cc0 [ 2200.566963][ C1] R13: 0000000000000090 R14: ffffffff8e31da58 R15: dffffc0000000000 [ 2200.566976][ C1] FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 2200.566990][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2200.567002][ C1] CR2: 000055902c7cb380 CR3: 000000000e734000 CR4: 00000000003526f0 [ 2200.567018][ C1] DR0: 0000000000000005 DR1: 000000000000000a DR2: 0000000000000002 [ 2200.567029][ C1] DR3: 0000000000000010 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 2200.567040][ C1] Call Trace: [ 2200.567046][ C1] [ 2200.567053][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 2200.567073][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2200.567095][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2200.567113][ C1] ? nmi_handle+0x2a/0x5a0 [ 2200.567137][ C1] ? 
nmi_cpu_backtrace_handler+0xc/0x20 [ 2200.567156][ C1] ? nmi_handle+0x14f/0x5a0 [ 2200.567172][ C1] ? nmi_handle+0x2a/0x5a0 [ 2200.567189][ C1] ? rcu_is_watching+0x5a/0xb0 [ 2200.567205][ C1] ? default_do_nmi+0x63/0x160 [ 2200.567225][ C1] ? exc_nmi+0x123/0x1f0 [ 2200.567242][ C1] ? end_repeat_nmi+0xf/0x53 [ 2200.567261][ C1] ? batadv_nc_worker+0x101/0x610 [ 2200.567281][ C1] ? rcu_is_watching+0x5a/0xb0 [ 2200.567298][ C1] ? rcu_is_watching+0x5a/0xb0 [ 2200.567316][ C1] ? rcu_is_watching+0x5a/0xb0 [ 2200.567333][ C1] [ 2200.567339][ C1] [ 2200.567346][ C1] batadv_nc_worker+0x10b/0x610 [ 2200.567365][ C1] ? batadv_nc_worker+0xcb/0x610 [ 2200.567386][ C1] ? process_scheduled_works+0x976/0x1850 [ 2200.567407][ C1] process_scheduled_works+0xa63/0x1850 [ 2200.567439][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 2200.567462][ C1] ? assign_work+0x364/0x3d0 [ 2200.567484][ C1] worker_thread+0x870/0xd30 [ 2200.567506][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2200.567530][ C1] ? __kthread_parkme+0x169/0x1d0 [ 2200.567552][ C1] ? __pfx_worker_thread+0x10/0x10 [ 2200.567571][ C1] kthread+0x2f0/0x390 [ 2200.567586][ C1] ? __pfx_worker_thread+0x10/0x10 [ 2200.567605][ C1] ? __pfx_kthread+0x10/0x10 [ 2200.567620][ C1] ret_from_fork+0x4b/0x80 [ 2200.567640][ C1] ? __pfx_kthread+0x10/0x10 [ 2200.567655][ C1] ret_from_fork_asm+0x1a/0x30 [ 2200.567688][ C1] [ 2200.567827][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 2200.881919][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.12.0-rc3-syzkaller-00044-g2f87d0916ce0 #0 [ 2200.892413][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 2200.902462][ T30] Call Trace: [ 2200.905738][ T30] [ 2200.908686][ T30] dump_stack_lvl+0x241/0x360 [ 2200.913370][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2200.918564][ T30] ? __pfx__printk+0x10/0x10 [ 2200.923156][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2200.929155][ T30] ? 
vscnprintf+0x5d/0x90 [ 2200.933588][ T30] panic+0x349/0x880 [ 2200.937521][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 2200.943676][ T30] ? __pfx_panic+0x10/0x10 [ 2200.948085][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 2200.953542][ T30] ? __irq_work_queue_local+0x137/0x410 [ 2200.959092][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 2200.964459][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 2200.970615][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 2200.976770][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 2200.982924][ T30] watchdog+0x1033/0x1040 [ 2200.987256][ T30] ? watchdog+0x1ea/0x1040 [ 2200.991683][ T30] ? __pfx_watchdog+0x10/0x10 [ 2200.996356][ T30] kthread+0x2f0/0x390 [ 2201.000419][ T30] ? __pfx_watchdog+0x10/0x10 [ 2201.005091][ T30] ? __pfx_kthread+0x10/0x10 [ 2201.009685][ T30] ret_from_fork+0x4b/0x80 [ 2201.014100][ T30] ? __pfx_kthread+0x10/0x10 [ 2201.018684][ T30] ret_from_fork_asm+0x1a/0x30 [ 2201.023457][ T30] [ 2201.026742][ T30] Kernel Offset: disabled [ 2201.031083][ T30] Rebooting in 86400 seconds..