last executing test programs: 24.797528317s ago: executing program 1 (id=1725): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x5, "00370500072300008fef05f42dac5a00"}}}]}, 0x48}}, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000300)) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000200)=""/233, 0xe9}], 0x1, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x0, 0x0, 0x0, &(0x7f0000000200)=""/148, &(0x7f00000002c0)=""/8}) r6 = dup(r4) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r6}) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000005, 0x12, r8, 0x0) 23.674303971s ago: executing program 1 (id=1728): ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0x0, 0x4}, 0xfe}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x3, &(0x7f0000000000)=[{0x3d}, {0x1}, {0x6, 0x0, 0x0, 0x7}]}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r3, &(0x7f0000000140)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @remote, 0x5}, 0x80, 0x0}, 0x20000000) sendmsg$kcm(r3, &(0x7f0000002ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86a9}, 0x20000000) openat$cgroup_type(r2, &(0x7f00000000c0), 0x2, 0x0) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCL_SETSEL(r4, 0x5452, &(0x7f0000000100)) rmdir(&(0x7f0000000700)='./cgroup/../file0\x00') r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r8 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r8, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x48, r7, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_PEERS={0x8, 0x8, 0x0, 0x1, [{0x4, 0x0, 0x0, 0x0}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r9}]}, 0x48}}, 0x0) r10 = socket$alg(0x26, 0x5, 0x0) bind$alg(r10, &(0x7f0000001140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r10, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r11 = accept4(r10, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(r11, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x28, 0x7, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) sendto$inet6(r4, &(0x7f00000003c0)="8c7c788bfb94000000243c03b1d9eb5571222bb7261e5fe09cedba815fd3d0549c31e2f41486fc559374cbc926b200000000", 0x44, 0x8000, 0x0, 0x5b) sendmsg$nl_route(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000040)=ANY=[], 0x38}}, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 21.973964066s ago: executing program 1 (id=1731): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = syz_io_uring_setup(0x3665, &(0x7f00000003c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000440)=0x0) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0xa3d, 0x0, 0x0, 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000280)=0x6) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000003a00)={0x1, &(0x7f00000039c0)=[{0x6}]}) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6(0xa, 0x200000000003, 0x87) syz_emit_ethernet(0x66, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000302b00fc010000000000b595000000000000000000fe8000000000000000000000000000aa870000000000000000020100000000000000000000000000000000000000c0000000000000109078026ee40000000000"], 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x20) connect$l2tp6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0xb}, 0x20) r6 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r6, &(0x7f00000024c0)={0xa, 0x7, 0x0, @loopback}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) close(r4) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) readahead(r4, 0x40, 0x7) r7 = openat$sndseq(0xffffff9c, &(0x7f0000000100), 0x40000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r7, 0xc08c5334, &(0x7f0000000140)={0x4, 0x2, 0x1, 'queue0\x00', 0x6}) listen(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60ff00f500180600fe8000000000000000000000000000aafe8000000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="60c20000907800001e036b006e2eeb6a80c00b765e3780856d448d7666ce4352bcb1b6cbcf8527de14e1ce1c386cf74d8c"], 0x0) openat$tun(0xffffff9c, &(0x7f0000000080), 0x20a140, 0x0) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',default_permissions'], 0x0, 0x0, 0x0) syz_fuse_handle_req(r8, &(0x7f0000008100)="58785f58471eb4b5b3ff3946acaad41068511507291e72541d949ffc8a54ff637ccef1fe8511899ea7f3c82cbc6539763a34f6760c1608c911801ca672e62708ba4fc023749076ff6a0daba0caa57000acbd9ecf5e97201f7f14e715bc8c089c3d65e92fd65dedb76d61715067ccf6dfec2b56a48f2b274b564d90c3d868f2bdc07b7e636ad78904bca826fa69b7783e7be2b8e7c997b99225467747875695f6d500cb82b479fe9486bb94e06f796f89906bbfccc964830f86986760ade90c3f7a9dde3172a5124c1889075ad30b5ee2a5f257a6ac790a8e89b247ccbc8d241b7b95f8fc649deffc1bc37d51a8c3dfae38ac968eb48695de38df941f9632ef9ad6779e41ccea8a3ff1cac4fa4b47a152a8f9a1bb0094f41580bbf60fa11cfaf2c535a12c866e9414ee9b58226fbdb0d221e1bdc50e3fa300351364f6350030383856f1f809aee19f337f3d3435ae6754916be1eec24643cec1bd1007ffa38418735988cc901603895f66bd6450d54f99e1246ded898499d2a447f899c00368ce1dd4a4f4cf9cdf7d4f8b38dcb98a598ac490f1086ec712b0cb94610abfdb25b0f6947b46e1dd628897ab68445568578049fa6140250a5d821d70f102fadc2fa273a6e486f250712ec847de3b02a121e19775311e8629045f3404bdfa3207aecdac43c3571b86a9423bd716aa67cb688f9ee4f2b14ea42c89f2766c78fd4ec41ab34eebb4256e885bd7e3abe4348772993bb630aa3397084bbc66cdad664d6a9d33767cc375a44dbc0b08931053a6780a796fd31e1d7c512599f9e010883a52c07ec0938ce1acb3fe3baac6af9fb7e9d7942662e41bd3626d240d5ed34ebcbcc0ccf1c3280c76fbf6cdfb04bdb2d3b4ec6a8961b1eb036b211eff6247b95039cc67d222f2ff122340c56d74b4fffa79a202144bb10ad766f1fd6b32abc3e09213da84b36698e5c67dbd76342baf2fdbd26e9563dadd01fce19d7ec025d05d0494e53229379d13c1cae48ec058cff0bc1ccdc94a74b11a9bc87c580bb6a3f45fe15d15d89bf6102dc1085bfe27b2ab462aaf642b8ceed519cf88b31e9e00fdc23e8f6967a72b4c38b2458656dbf26dd75586731bb519a97d0ff43f4358cd40c7ed371ae8a24f46e320d4c4c0a1b8c42f10908a1c283d8032d76f52d4509d78c2f3a0716c37bc0c786ce9174a88d468e88a6d154e4712778aecded0ca5de28e52c04e33672ecea5135438e908aa1bf00e65ba6dacc4bd018b7bb1c30aa5d9acc679220cb5e7207f1759bd7722d10469225aae24973031a21358532a63aab42f33b1f8f40d545fec7799703ba067592b34247fbc7375acdcb3883ace7d34cf33484f2cf662f3f0e18b5c475ae311fb20f6e6b85320b2bc37e56512dc27815b37bfd9f172be1a119197eb53b535c440fd7f24724e1d466309c0f8556965bd02d75c3dbe2baa0c6a515db07af1f77306577d0b38f0aa8cb188cf5523368951b8210f4bfc6afa0d058ad84656d27a46faef225e6268396ecb54a5182591bff3a86792db5454e238afe7c26eae85fd3c1c060760d89223bbdbe8966ae2558f47d799839cd959c974b69ad262cf8ab4fee554288e767ede9bc5d7f0cfba05966ef7858e41db363122680abe978345d45e4b52b73fe9f52ad26371a5b0539d88aa0c572aa01a41b079dde5a14e031ad903629d06c8d85ad82828c25a9ba7ce0fef2316eb011643e47feca7d280833f8b3008841fb2d88ea84df65b03aa5baaa29d6234ed5db8db461fc5df77aad38690277cd5dac1ed3c23c9f2778295578561f9a4d31159a826b4b62b2a867e6e8a9514edddaacad22106880e6633fb2f3b17c8d10bec633d6128489f7253b3e3e38e5942743ddd1547dfab27a152549f61891e3a5ad17f733b042f7ef915ad7423b9719fee9142407fe1d10ec8b64a21cd24fd39de4496ca3f394f07149bdbf1393181b5afee090ff40ee31d34a9c6a113e3823fac425fa85e212de1a9f7c4937ba64f3327961fccf85e6fa29be12de9589671d60d4658b1562ce7dedcde8ec79d265c13f5e197b66989c3f067d2801fcd78bb92b45e55fb4089a7cd3b179284af782ae0327ba56fc307a281772384448ee465dccefe41be8d75c8cd0eb5c0217d7ca706848f9b82500b77c2d838cbd536304556af87d3b6fb9183b5dc9cf2d0f7ecbb24d9f790151b9c6092dfb2c14decbe6448362cd7c13515f66a99c37b56134d12e8c7f1a5b75e14e47f84d8658f0b65ea91014e2e4fd361f03dbf8ca509d426ca1bba7e43ce918268393ff16b17d9e1bb49fb2b4f6eeb8b4b226c79303b19412a55b7ea7c8774ccebd8d66abe117a8be9a3c4faea730902136df57aff991b59dd71610ba4c8e1cded8287c21c56526f4fb6c502ea73ae310d56640990b3e695b278de6e1eebd51108cf7547c0e457e5fdf59691baf080dd3f5dc3c9a10bd4cc5e10ba42d4d3d9dc4f7ebe0bd2981a1d6fb06f7457dca1e56fac3f0fa7ca19ec2fb7940ee837e960d93a73bf085eaa2888fe3025aadd33cae85d63273be6ae3a92e35d78602d8e23b9460f04b7c0e0e710d10fdb0dd3fa9b880865603500d81dc7e968e8046569830b526e441f25f8b0af47d524aa80fd7dd9c3f72facec2032e2c06bc33c6b739c5368bf54e32b6acdca9d2d14276a8348ae92bfbd60f6aceecf98f3c6fe70747499b25667a96c52e21236421b27deafbc6b5e2b8a4ea2a0d3cd5ee1a10f3153b529b5c04a1961223a943842e17ee0cd114ce6983536400fc40f3d4708436954803fd60caf2b5ed7e4ce90bc75385e2424191c6a5038fa15d99aade49fa1affe63fb73078a6bb4ee560b0b521aeb33f507bdf876829f4d3f695197468e41503a10870a8e6df800608ac33dfdecc03f64d03fb6180287a684063c7edfc8db1366f6bb502fe446085f6acc4741b273a0b736f0f55da28967390bc7434db54ad0da9d1d002ceaa5c3e53efa95e7aaa792db32501a072e669da29fb734d771a6fa8c753fb2fcc204e31d668992473e7937fcf751bc79b125db1725f2a495bd2a4207e4db8d44810a4db5113705c5cb8733866ade3375d1bdbcb965cbd927e7d285f2933bf037911959088b64cfac0ff1e39244f2e9416653ed87ec564eb686af1062354a8bd7034c1022cb0d0b6996762ef4a0a3ab4f3deb459f023a867a38fcad2a10fcf0872862b386ff7c5ea7ce13abb112d1f0ed0723870eccc76d16f7e3cc00e28945bb93d9f2bd8e2017993102f0824867ec141f20df951202a2ab1cd796516ca0b4fdd9e6de8b82fcd30f9ab85cf0a5547e1ad1ef1ad5be7a878a16864d7c06b4ae002f3ba485a9bb36b8a591ecb64a4a5c0fd3b4beb015f58ea4cfe190f3b46cc4d9108d10c52a9de859814edac575d2a3d937a9b31db049e70aa76c085ab63d61c1317205c228f7027fa39125de8fec40ed7982e36a7cfa9fedca30f0b692bd4c7794f6b56d69ada1fed168cf03cc57321fe37e3a8cea4bd093e87b657fe5acb13d2591bebb52898362ddf0335810c70a4838faf8fff16301d16707eaa38e52f913f8aa3e27b2387ca1a217ac69966e287ad5cb0286535d5d00b7006661dbc7923a066945c1a2040a4e95d7b0de4dc8217bf1d4e9b6cccc671fdd9a5770c21e749b407df8c463a3bf17e47bfcba6a890a0435d3fbb7252fe072b149b7bfeb185b088686dd70e0c9cda275497b553aff2b319f7d7b0ed64002c5f9f6ccfc3d55d8c908d314487452f37a650f4561326a84c660b6111702a87db03595b5d080c60288203f091de9f78b997e47233f4bab9b044a98ab118a6c45b7ca746cc2fb90182a923d67216412e24a955c0c2307acc47bdd319955249d8412a5ccf444437f53f524c69ba0167c920f0c1f775cd1a225636200a9e4adf61f418d20f717339d0c8c5386af0936f628cc589a8d5581c1c8cad0b564a3f38b606473280a3fa586a5ba932fd38eeb23096df29a92ab54c409f88ef4f03217f0bb90fea539e629d8a025c802f6b5c3d735fe950c8ff7136e6db287851dfbffea1ef81491a50cb75a103367e85afa3484d6af865dfbca91dc05632b0d94aa384ee0c585424a5ddf80babe0b913b0a2eedda34c7ea7814642a69f8eae868274b16fe0f52fb60b201e6685dad3f419413d5b8186992855a25ffe0d4773a14c7977181a120cbc42af4f9acca3fee1d54ccc125ea49b62ab60c58a0ecdf50ee7c16f3b6b12b254fc08fcc85d409eef7c3f30cf705617f926a17e6588a9fd7e34be9fd863a7b157a2d9a336356d568c2d2dbaf76c2d2b2ff8703748b860e36f02b04d6e4f2fd49511f12ce395dc18622cd51948a32cc432cd797d8a68838cebbbdd9bcb6f2e85719785706012e894cb043bb9a53998131fd4aae3321d81fc001e718c4a99c0580af1d4a0c81665cc5adcf337c8bc00fc0fb3c7be0d5e5ff6a6fae5891858eafedbed69223170ccc71ce36ae439d769c3520972601fbab93f54808d6950cb7cf1e5a3b32d8c6a975e3adccca0b2ee28a4eb5ca3b0ceb9d31a8f767c3f4486a62215171738007675a55abf5916513f7eb9b21ff291f2b4b48bbfcf394cf861fe016b3680be422a8bff49963ce096d1bc17186822b1392e68b1a05fa6c70bd2d9a164f12301a6e78caa8f4cd43749704829f54c5d93637aeef80794d3f206741363e74fa181c9f1dc47557553de620794f096c59ccd74a178f5adb466ad5a62fffc1886f56ebceca4ed46ed2396bcbc31160b4eb1b7d69642e33315e3adbdbe1b9794931e7babf745ecfca37dd4190013793d530df12d6521bc069a05a94e0ffe91900a0c2209a6914d2f85bd161ff77284198129a9b1ba600bda3e52769d39c1bd61c4a70c627c3ad89aa0bdf0c93a2c35e166da9a08b4d2f92deacb6e9034274305b6d254c4052868ba32bec9aa3cec75debe24e78e43374efffe444722a983935f9007fe3de37dd83c52be16e034d09592a179275dd0c91281be579cd19c0162123886893713f25cdae19cf258926bf2070741111eee6b3df708c3fc416b7d046c948bf8500779c0cd5460e640bb1f860f58052b8087e6eb2f16e48f4984c9f9fc9fb2652ac5305861ece5362db08ae912ba055af766da1322057d0bfa647d98b8d4f1e7ed43ecdf1050c0eb19dae93b8014da57241cdab4ffacf0ec1348d4a89b3e8ff187098d83d8eba34e5c7ad4215f1977968a9d337d08fd1188754e7cf41baf0189ccaa5f3b1005f807b0255ce1920ca7d919e4684af70c3d089a99922727c607a2b06e713dd61122842a913036f6cd64dfb313fbdf639fcbd712852bb85337d056685b0a54225ae27e1e8c7ce5acd1f017b8f712c268b9cc0ee26d26c63955df0591f52ef3ef5e6f0a8b0a40fccec5f945431a2e81c35720d178feb481092e4f51978493c5fd502f252bc0152f145f268ead14932990069169483ecc7abc901657460c8730715c078b61059bd2621f50fb838376e0b808a3f118f761efea45bbac4274016960063cc67c428e72e516685552dc3bf473e442d76f2d3ed07b319694490054302a538b52e3b8496b7e37fbf4a2ffff2b484f98fdb14c66ecb8447834733f8a7a5a3c83de34b6647842dd56d8201f9d9240f3b3a5b5cbccf174a08853d06fd164fe74e04608ae12df8a35b73517d22a87c7ebca60942932d03102ff7e8644611b5520b5ebce950945498ce19210c866e48284d18fb7e049deaa43ee5283e3dfad7316ba85490e93182d13efe7ba64ee5ceeaabcff3eb24d46a3a129dd5a6b82e8c48210cb1e6564833f3e15dda4dec383b4319741cebf6374cf2c5d64722afccf7c4e2d81ae28d45f2c35b764281f1f08fec8f8e9277277ae1ae8a8981f85e041d2450afc9374e978f73b66da9aadb2087223f28e21e946eb07710ec86cdcad0948d4ca93827ea34e28806d172c3feb83471ed2d4d7ada2360b209d16b9d35861082d85b6be3c3589a6bdaf6f9b5d52ac8fd7388e32b24f1d5d34b5442c1ceebde311decd709f075d064f07bc60ab14c101ef51039eed56ae1e0a374e3e956603737b3a16db684a81e9b8998a0bb9b17a0876a92b2a3b9924f44b16ae4c7ff376ea8a8c91b504c1dbeb522cf846fc3ec6b9a01f452eeb35cade34c6a0463b92c46e013ee7906ee934141870ddd1464ae688805933504a2dc7cb1f947e28bf22f5eea6afb5de3b950056bf44065b84fd5589385d0feec4ef1db4fb4b595957130e575dc383e3686f4674143debb23e17b398f32683fb4805f297369d0e5f2e63af6891491e4e37186b4a3dffbbdcfff63d1fea4e12d24ef96fde3ed7a323a3605cdf5eaa43da738004556c2c20aa30c40079bc2e9ebe102c1fcf5259f1e3acc6b2a2bc9da4d0b1252433c58a1810581152a235e93deabf7f728eace350bcc4db4f249d4234bbd858c4e61a0eda4e3db0ae530c78eb63425502d651fd0cb986341ba69c44ede18eb3ebf25b2336cdda02447a9e20426d8206368c63b5fd6828612d3b99f627e331bab0009579de8270c36aa03861c300d34f2a3703870712325190073e6c17d8699f6744acb1b5468f93b57ab0366796181a4f543511d7ea2b32606c33cda61e81ed1c2194d305be47a3f1a9145d023620af12e79ec188573526ec35b9ce44e95fdb3530bd0431dd12a227d0ffe317cda1bbd787979261d6c9cf728b3d6bec3ba6ae15a595a30fc242bc5f25d837c1c642219afcfe043bb68a82965574b8b2139789235b262cf4af95a538e6954acf8e27ac3c95328df6e4bd615a376cd96bbc9e0d9802fbb40f80a848225e076219e26e0e63f57330b8bda69ec8dbd8b3272798cbfbb085b1885a1c22b3e2df2a879020ac1110b7af4f53ac97f556596ba0e164df0c85842026a87cf9631c9c9d851549efd8ca37e3b863e88436d5da5f4d3b5b5528e2d08d92b0d3ac6a06a0699653718e93a25b5afe254a068e300751eb6c67e3f5a1813d58d428f1ec108b88ec81444ccb50e8452941510c11f2e80bfd712f64b32b686c92ce922baf6c8eed1e9f0717a654d53b3ce1001880de80b5b15362b20286db9dfdf6c41f48aae84d5ab12ac45310f0eefc56e54113bcf95c1b2a259895af2ae9c679de4e2b898bf8a40a199a2059f8248c1303351dca3fb38906a682f66a94ee6ae6eafa7144758fabbaa60debd6eaaee7b2f1051781084b3c9d626263d011a3daf971b708750a77614753b89b5e1a77a52510ced5708083fb48c554dfd6aacfcf97650f3a3b3f97566050e76da968d4eceb83bc1e005ed1596d6e0ec5e2c90231e62496d7435ec5b28f805e3b7aefdd3718e4ff53065b8e4b15175d80eec59218d8278e711c6049bf6d62ae7069578e957135463d7616b37c1e4bf44d60dac6c7aa04cbbc4a64bb0cc0b059abb6b26f8ed5203232ddd8a6c5882e6e6c53068a71bc84c5834104e85bc96db2163798a3881929248b8c788e5bdc9e46e5f7f3f6ad43fad6fa381a0b924bd938702470b330fb90ba73d557c0d203d55edaed6e3a01aeb53b061dad57713ab27e1a9e0d06b534a65d85beb061bb5258bbb38179ea612a6f402affb8ca018ebf0d6f61d44d5a657c080c7d2dbc9b08c07713b17b0f173ada59b57abb401212f4f1fa026491b48d08cf46a704ab43e46de8ea596d68658523b61a156278b3b77bd1f4491381bfd874ed72b00675fd5b4b7c0ec13c6837434ba8e22230d32e7bb1287e488e14f5c5602cd4ca88012b244c7f23f4897e27027aa862ca139bc8b5fe14be7554832ab02e4ba19699a1e66825d94c7c44451062819a38d3376f0a3716b210c7adf4bfbbc303058aa2e054b3bd53539764f177b11b05451705550f90196997de3d1d480e500cd9d234078cb1a09c63d8911381d327402702c2765fe92b8ba3a0189b2b11b7460996c36eaae3ecb4f4e63bfafd7953ff086dfc0b12e616bbdca4707631467b830d244bd3f4371744bc8a4baac728a397818875d1b6a4a2f0d10be607122a6fe813f52e4456b8a5eb6c9ee0cf889f777a03cc26a055f9f259cfc4f8552b568a4b371260af062619dfb215ecfe7b318f8d627d2777bd5103d6ca2948d19d5812112962b63c2bf3d090ff19185dbc5ad49a580451de717c0baa288cd96669babe88a8b1ab6d0936c4c407878786695f46f59ef06c5c2166b661542c598b6e0551d490946182841184a7a0e669c6ccd73a342f65c4525dc7522dccab15fa72bd07588b5bca71635b9466ca72a504c74cca1c573e8d40d83d1b5c5326481ff8a2055a2e0fb997fe8e4787deaa2a8a57afe74a971e7f1f280895f2fc9d99c41416adef7b70ec47e7a12d0ca3c0ab1dba3c2d65bb172fde1fcd7f97692d3d8c9657e3277ce95947d59bf37dde3f35f7a5d76575f5c14caf7f0926c0896995a5f42efd0d38c42de202bea5b5db39bf697f9a96b54aefec723db523893186634763e7399bfa8029c2708dc817984528601c77a1d78bd4b2c85f10f5ca9363badcdab51a1b315cafa5c2ef64f60395f53efb9d60d89e1b2a5f147508c90d2b09476eee3cb9b5957669a77cd2c522909480dea9be3406d1779ffe4539f2e03efb5f8c2d040f0ea776ff869a36862246294d0ced556a129ef78327617052dc1ef5cfb4e5986ba2f0e063b90e1657d8977b58827a3c4e3d556eb3cf0540685f7c9eda461aa2ecc539fec3d2d56be99a518f11752f2be2f670c5fbe8010ac4eae0ede31c1a48f747ff2eac9fc069d3700a40bf5fcda80a3a4f5fa920f117a72de6da51195d2d7f0cc92ff7835bce2ba6b564832f582df56b24cf30c8297a826a4bbfe0afeb1da3e986b3d0a95509e0037d212a70178ecb246061e067238ea9238e4c4a9a7c6fc5dcba290970f50c52598423336c523f2de7580d059fb53934cb0beb208585e897fafeba30853e54badefa197478fe6b9f26ed0d33babb53acee7b7221d8e0cad7a6bd0d9383ced6391bf88ca7aa50c75c136075e87b92445f02fbbc92f7cb65fe2bbe0bf0c9fc2577da63a56f1efbeb276c1f4d01da6f6f7a842212d96dd45edcd2aee7f2c553ace15eb9336bb1804ec252998c5c8b25033894b05c01ce7c77b73ec0e239478c67d5378fe5a53fe6269025d54006e9bb1cbd09b81a39615517c609f3d74e377888f641587121f0f097b48d8be85800295ebab9407978a9cd379966577cb6e1f5261e4305696a2cdd50d8cb1964d3ae18ec730d40f9c782533efba47db8378c6aa15ce85985e211fff2659729599802a7b585cbef3a2762595f67e2054a0fb4457b146e7a656abb2c4b2387d760f7e5b8b7864132317d5ba29a662f50af8dc182d2fbe216db8e997ac856bc59855ca48999699cd6c5576cc47bf8a8c30638c7e08847e5083aa82068940409461d1065c2b53292d3ab145d5bb590bcd278e48ebd34920b18a2e1731c1855ae5a3ed637ff568d205a08cf98c58f5d79c99912e6c1ab257ece0d68ef13d69a56364419aac7df43f43d5faa9ad851c9810648f9050012e55475109ca3ada3452b78a7964377e0d862e022c73ca3ed6cee8c5fbb2d7c12f91c4851fea7c5b02e0a3c5364b7fcca110f20f8858465c498d7e9c6049417fc5c7d4e0059852a6d794af426e938a401cf43b2ba9f4f3f6f0f2eb710ecf3c0c36c4b3072597f805eca9cb14602292ec7d5601e6b1555c8d024aa4bb81a4cff98cb03725cb184ea7dbed6814106a1402bf68a2e51660af930a500d5530651a0dbf2fdc01a31a99be25350b5c8a5fe01155343d028c03e09009ef2c386a24eba8d842cac581402c8faec7dca1623afe25a230d8d4a8bd23df3cf12abedc2a50e387285acf1b3105011a2bdefb204a53b20be213b50f5244511f25852271e05c03fb9a799ac7ea675ffbde8de181368748a9707674e7e70f28a75e4036b6cf9e0693f91a65be4478b6630067ad8dae030a4b7b9784a206b2f7cfeeefc65aae11fc20190f4d6387bab05fa6e17f0bfbfb0c4f604878771aeace0676d12325e61b19a5317c4d4bb9fe6f3fc8b171f1116528b7cbcc4a91c26a729b512196828075f4d0aeac98887e2a6a19b4e1f1f66233962961c0d49df14c3e6123c9ec8dd7152ad045000107365fd5ed7ce6a6d65ae0736a7e227f77c9b0903d4589ac58ceb691583cdb93ae3fc792c886663cb7c5b0640deb66e29b3c69d2f1a3d1d47d7b672ee3c49e90bd406aa84a0189808924c4e67c5495b045e779c58ca65b42889f52d7315c66be3716dc8592b4875629cd0cb02c29d42bdf9ca5c16bc9051c2a6c09d0695bfba58c19a995838c022e9936c407d8999aa65e4a9d6d8eff99f8dcfac9b561375b6d1293441b9d32533161062c053c63ef09f6100cd748700a710f5bfc2a6297b15242b1f41e21bd004b885d6429a0d334a8c115f7d53d278dad24c9d295b97c50eb340d1e6d523f1757e2014c1605c3bd35f0cfdb74f79850423a37e2f95dfe41c56df09724d21065377f1818311f0c70aaf6fb2d4fc8d9eef576136617371d85481770ce9c390859eacfebba34e75a238ce80bcccadd6c42e8e186be3c15451131fbe9e345c05ab8e23f917d269686a9b5f06dd474f95757b9e5a3328416595539cbdfa69efa9702e5a268b1a70c6e5ff2c118a6e574bfecf17b1576e4f2f7ee566b0b2b5388476a68562991ac01412fa463b0f9e586ad4bde59e91a4b303268b5d8644cb7996cfbba422facd59875ed6ac057e563412255c412be0928a0b6fdb6f35d7008b5d5528ca796a4a69bd90b993a52da9c7d62f4b71a2763f822bb39f3ed39cc5ad5a4d51b5c27d31d105000f3f1e705ed5c42067106f3fe6d30151021bcab7f3a1ad9175b3d3644325aa676b9e057bf9d9aa3348b1d9b31bd639c59bb63f46a6c18794ae006db3b1ee20368160a82e26aee5a9fdc6b44df8be294f3ac0a1275e57ebf5e384b141ce89dd51aaf2248274468894645ba54bc4e6b9788b1eb5043c1f0dffe2e13c6179d0238d8cd037b6fe3e484445ab458fa09e4e8010d3288aa6e6cdbfba4b62c7984d058da8993d5de1df75a1ce8e3bd5875709fd2ede4cd5843e7102ed4031ed096a0c6e3ae9d522ad95ef4af83599507dd32fe3325819cdd7718c9797e921e6e365175e1dd53991edcd2baf27df8b1670d01967e97b3e3e75d297f908deedf2e3b91bd61973e8aa75a5a6f9db11525dd35556bbd13873602a320af74677832f93bd01f1e0631c882c8ab254a26b73a60a6c90cf9b96bd576e05b9befbce882c5d29198451bd15acaa894a5276ea9d870f49a33ee9d2429ef35a905b281deb75be54fa0c9e47be5876d7dce01986f2d0e7ae6df9b87a0ba6cfa55cec0c65dd386db5adc427eac18a00c9aded475417add4ebb8880ef3dd218a9ec3e6e13456f8de1630774e918fe5288dbaec3dd2a74698ec9e28ad573761b9e78af3d5c7a61e3eefc1a54c25bb841529b3fc9137836a2e7eff5ffae8e44f0257160da51ec0b3d144b92f1f43d2782513705baf5930903602d40cb4de87feca7243d2248a78a5d684e303ae147acc96e0b755eea77092b5f6efa723afc8a4240c75529dfe1c2fb75aa42d67e6b6c9a44c575738725815a9af1ced5", 0x2000, &(0x7f0000000200)={&(0x7f0000000180)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) syz_fuse_handle_req(r8, &(0x7f00000040c0)="6d797d42fb74562ec642068eb410c60f8cdc42cf09864b1dd1d244ec3ecfb9103306a02bd120cd2c684eee7cd734914ad7ec2bdd4402eeab7a2972f1672f126c4b5f6c5ff748548170bdf1020c2c3d09186940feb185436981cd578c3a2bdc19c16209468100cc1d67247885420cbc0ea004f07283bc4a5cf8499ad5ef4df93b2fa2eb26895ed9260cc61afbc766adadf7809b3a8f76d9f835acae2dac8abc42896374a6a82a8894552441bd0202daa10048b49d3bc74bba1e5258ab8ac5169facb96d9f68705a7709f6d9a66a9988c13d13a2b8b34d9f234e1c5fae79e4cb76ff3102184ed9032d2402087dcb3eff6bfac7bc4d2fdc9ea25f5289d52ed75ffcd83a2781eb4a23fdd078d1e53495305e3ed5bb4e060e89d6eb2b13586f7f5df32e34390d70f074b4f92c4624312698d86578f3d951021db151806fc314c98d819604d8d9572efc7dd71c0d1a9176ffbd48361908e927e03caa4c1ccc805fe755e616d983442660299e9dd34e5612eff964a45d613a832a0ef8e4410fcdb0313712795b369c08f907c91a4f20e5c18ff903e0ee410d77bc076f49debfd6e411104cace38e0318023527d1c54cec66790638c9ee70c29de0406b3483ca1663245edcda56dc9612e93f40f19cbde5cabb8816d7b75a266e404a8e5364d43c08cf5cc645b533c4b6fe349819c5374fac7a923a7a803ab138c873aee3718921043a60a0ce84df8b991dfa525f0955acbc866182f2409d032981ad824f037ef068501f955898c4500049f0b30014832e3b668f5873305ebd1e094f244caa90610be83a5f674decf451a82d9edca6664da89cad8dc212943828570fb365b41993f89c6d36c579157c4055a77eb1dad1dc466e743129e5e3098f4432fbe289111e102223ff04d02e8108b0925ce76118445efa09233e579f398ab373303c0bb64ff82ddb597040e58a61f82cc5614beaec13ed297a8daa9514468283037e5d0077c9803b69421070718fba4865e4b9c6d7d272c562cc4dd998e16fe288dac68b0bdf05eb2a02fd40b900944d10a94f2b3be9b6c6dc628044aa9eaf34e0474771c10bef03f6af2029643acc1e97efa0748cfca63aa9546bbfa6d7533c4dab0b931ac35b331aef91a80d5ea08ba35cf66e1779298d3338114c12f024970d12af8d67f9b165c15a8b7e37c14c2d512dca76cf6077e2011bb47cc993f3088027b2d53daca574e8b443fddf5c252788854be8aec357db43f2147f23061641d2910a4a503a3a9ca86b3656d37d443e5e4207bb38b6e8879bf3de21309eb90113ccaa75e1d1e0900efc17aecd35078b8f3d579d2d4fb576127278290d6a9ea379e22dcc4ad369d3405311efbc74702020d6cdb31267c2e4dfc6a34bf39c9db32da7f387760909843fbd02e9e291e838fcd8faac4c9ad909cc19440bb775070496ef69250f4cf90372c0f1835dacd4d605a69334d73b1228cce41fe3c6457a37531bbab6d8b15a8214ff3002d29016932de969f05ed64b720ad249b8164ea82fde08303277e7d5f0d3e86bd6021024bdb1d24afe3ae28cece041943db60034fa11c3b6ec7b09c117b086fa4016e68e46678a7c5e91c40d2866295247276109a8778b043b51ffe3ec33dbb665806cf6ca41e7143885b6ca920fd8caf475ddcc698a09d368c721f048efe9e0d372d9cc58deba32f81e7e7f6d53209050d72545bbf04356ea95c9bcec3b8b87f56963111c5454b30a12b8479afc26361a7e00a66c03aae8ebc3348ac2e9b0f52453a32efa9b8ec038e671122dc2965d3b7395051974088f4aa47a76327a0dffce6db0a2cd65e2da5539fd7673911d5605cadf30d85563a60afd58767b6adc549173818de01b0de192894a76bc4e62d8c9e341729e6ef37574cf63c27674081202b8ab9cb9d92d346b1c2dadb253532c1674b2440504f8430c0a2ae5829b016af877831ecce9b13743e821436a6c1c46a1176922dbf2721d9722edf72817f8d15fa5c7ecad046df91bb57b8d16244527c855a40403ddf1757c31361c8bec9b5701b5c10a1e96547fa2c93e03f264a366a96666e24d7f908f6fa4c3f26722961e70adfc4ccd413c2c05adeda400de500babfb80a4e4ae5e9e04444c55f006337c0a98c33f04ae0a6620a1acbc26b5c7d125c30ca542c64604a109c6022029da452a717b219456cca6bc9959f088a5f2360c390b531baf92ae2429a2d0b6c7a20c137a3a0050ae2216b871c03c56410d28472d1035bb870f94589b93ceb57a504bba5acb7a6f77699fc10ea96d8e8fb913ca78c0af33a8435344b71531207344d78ac349894aab972c1b471d52b266bbe4313ef2ba71e7a4680ff442a358699c1e18322dfd50c55b637b6e6d5f02fa61b0e8ae4ef7cbb6359f70028a6b60fe901b2ad97a62b5d527efaf5ebe23fccd80d80e02eabb1be14d40faac8a56b4785fe47c8ff4ac4ad7fcef2134b1ec599074dd45d2b7a5c45845787e0490d9d7db95b58b18f14ae6ccc39623ba0fdf64c8d027f1e7652cc90e82732d4292f4ab0f959a44ff906484fcf83e222088345541ba2b1c50b63711d8adb63c8556452c142de8a06f4b28a86f629cc1dc713dcddcfebc8b1420a603fb970ddaedfc82250637327beb5c0ad04947477bc9aec0914cd78cbf5060e4ef7806b3443c85dbe79b8e87807b1a8d141583998c412d89c23dca4aa16af321dead51a12a73be98bd8ebb4d58b3ccd2d67ec936f2596afff2ba4166015aa4cc6c433acf33df30e3d40a0d6468944a07d1f9eba1bb9eb03dbfb42ba790dc1e7f66ad1834fad94440bffe3879509120b6a5cd1890281bf0f4c2d1be00fbe6b2d09ebdf594110f2bda035262d4830dbe64aa3152612df991a6fe1d035e0b301cf527d74140c85ad79acc001fd2ddb3f283c21e8d253c6c4685584f753e01aae2dee4158c68e2e612f056eb602ad8199d84784e05b363292956247d1fd8e4201330d6060d66e10e316143015908554e5325550d61b8af87a92237edd75cf687919ed0164de95042cbcfe96b9102fe3b71f43bbb1fc24d9d2d0d81dad29ac18cce353ca7c4a7c32e12e451654addc5dc6a44d001c40913eaaf14dacab7037a68e9875ae51321d1852820794206fcc1cdd51443d5e3fcdedc4dbf728d1ed8dc29437db0154c2f59d1d0d0b0048cb56ad965682afeda337b172cf6a77be36ab8424b919e493628846bbf485d5fefd73228e40295fa2070027f6f2ed565024b82d1058a1be0d0c364b765f2a58f382e378692d1ca4fc7f09f867ed4684dd82dd4c76e0e640f5f87d1c6c2fafdb733f1cef6572cb5e104ae9c94d26c81cbc9a5fd8fbe61ddbdc683b7f4030132b932abf0d66afafc9a9d3121f0ed962a14294bf0ba7b1d33d7808efa427b5531cd881b5c87ec159bc9557009d9762010a497ad52b57283cde9715b48a3e35a22aec3730a0cb476a59f438684346ce0c14f22d5f1e5826d3f670e9ef60f6dd51a11fd32eed673b9d0a12d8eeb8046b96c51cfc54c21b2c48c4a89273963b8345b01159f53f6b6589333afd871875b930d7a4e2e1f5dfb44157ca004a739b0e98562c83b1d8414220f677f2882ef6ab1039fc5f132d7f55046d0c9545033624338e2ca6bdfcdd9d78306818c6214f524a7d036c80b5506f97fe383c1cae3c73dd2a0c628bff47d13dc7d9f88a3c1bb84ccbcb82fd881c6f5e9aa7516bec86fd6bee49f4db3bbf468922f1ef37c499b011e36173edc0ccb92d13dda668cf88bb99649e606fee23d3d3bc1fcbdfb40c7d4a4a60b89c63e65d02a283137561ccacd0c71cf70c6f039ebd1d29cd58571fa07d74187a7931d3d8b7db3062594b696b0e11a587724440bd77aa01fbe26a031a4c3f16ef3ba7f7544d01e8b7dd0b74f3025fe54cd01be16ee80ab0cd7c56671390f2e9bd62b212cf3ff58da7207846bacf85858130a89a2cb45da85b3ee574e8bb43c6642a3060b6f07228951aeab0fe4f4099b86bf07ec39262acca7319df3d5d057baa794234b89eccf36da5d32e4a5283386a0a271be30f75917ffd9f6d96eb8b50a7f6a0b861c5d12a624f3630a18e3bc94eb58bc835cef0a1b77952df6443cc12f221fb8460f4862f382abe13b409056644ec46fde96e1992e79ec0acdf3066f77bbcd6cf1a24d9b49ce84bd3bc58cd898da801d6b1ab12fd7cecc29894b98d616ccff855116a8985653ca88722dc00aed777dfe1839251be42716824dc0c40b6548319f613faffb2f1900a1f563724b0dcb7aa694110d268e945747d860d4bcaba7837342e3d7f207547ba8c093e8d2a1a5e3e098d19343de5fa773642cfb1a2e49f98df7e13254787cc35b2d689db16e551917c0db1034b175d1f4647c35c4cfe8a871cc7983b052050be9d24ed6e6f70d9d4b7cdebc9ba7a761b8c5f2207761a6fe9db5d4ac975dbe398ae05ed180f028037f2d9684dd3b28135e150db8a8adc6c34d0cca2cb95e6babf8702f26062d0ff0f88fc915caee5597a006e211c61f6fa4ca685e79655af85cb3489f94cd9836af4b80cd20ed23ed8f3f4107814407715b471354c5274595963b00482f3723ca88f4eee346c78bd29d65899163d848c9844991e976ff817120a13ce40aab11632b6fdd9d00acb82a5ac7769a0a7ed5d30ae077bf393f5de5b12114e4d1a32c7297bc5e14b673c78cc675b097d56f7a35c3206b1584996972153e2446465492528e0565718252139e1cf500f05a0ca529d58f5b91fa9bb2822c21248a7a8a92d0a7be5f4d249087176c7c23e27d72bd232fca3f7b36970daf2ccd64be4a798a6c30a068fbae324b4c158715949b37c3942f0eee35b90d2fe9d322420917532f6dceaf8633f4f9618f099ece4186e1adc1323b827c984ba54c887b462e169867c2e063fb60b7906434ef362200559e4d02413667dde0c6111750995824c316305f2ddfa3035ee09fdbc28c7f3c095f5a4382ce033746394a37b4d8a61ae8c7270d3863df7382a4786d7bed9543538166dfd01d122a384a7a3de7958c0272a35856f175fa29ee100d2a0f3a6dacbbe8702cf7e8d307ac0cc7921539a371a1c2e7f834db5a903069c07ff562fee851ac9cc3f2f045146db26b13401258733c67d820d06aa068b789300ac90481f84725311544e9a2363f2ce502c02c100bb41e18a103c79bd2bf14f6b52290fa60d978c284f927829b5027ae0ea842efb3450a8ddcabf0eaff6a6a8300de389e78cee73bd8de9a2809e346ff6c79dceca4277eee4b0dae1a3e1740f306044d6e67a5783e665f9637a8f8154f9ebecf95f48146c750826fccebbb1bef247666a710cd71dcf3ac3aa9d0bcbd4c4ad432bba642366e4a3b12981901358ee1d7babbb7e10737cbd8a1c159d8dd9dd521c48d2911ebb8162b51ea32185c37097c299c0e477914b49d04cabf5033a5a3660f829ce4dfb2f821e6cb19ce37df64f79eca0649ea8c6b41c6c5d08fb1dae021314609946310c833d08d46c026ddc5dbb7ac62f1123be2004729daa8156ee12bdde9529c7498c8d1a3fd59aa07b9ab7870c4e57b2f54dcc26edd206b28870cf346d741b46bcb508a5f9805ed63c6cb03a9334abfea33626b0681e59b1cecb02202c3190260b8e2963ee84d9a6b5e6be99cbf6a17e4a11e154c2a50d625ef1fd4690cb8e030e46e07c891e6db43626525d464302c44dbf65f71a485f9ea05c347b870bf63fddeaaa2336d9eca1d4c56e8a2734287f0f8a185bd8e3165a681175d1ee9d24f48c9182fd40179ea3d128c0b43c4e2c85eeefa4c932fcaf9297488a3d44e602477d94193410728a0ef0f6730e64b8cfb3e2235c6241d1252196f943d9eb9b2ce70f8c5cf21394875081f56ceb6749a8bfa43e0e545fbc6903b63c55b67ba1e064a682d58fb7117eab5407d1c998aa53a0ca190b0a4aaaa657299cee41be166a7622789b81cff0e892ba87c6ff22f29ed512ebe40cf7306b7597607de5c1c6fb2980a03cc0c6f396ecc27b6b5a3fb0a3f3375fccc397527797f6d1e98f9a873882f85a4e5b11eea65cddb12b0cec9e531a3b5de958963e20d8a520aa71588aa3ab92186e64a710ef07debe3fce6313ea69fd5bd45ca3d50e5c98ac632d5479bc0763b05509ffca67158ad8665cb858e4a8eae29ae667cfa8e39dbd15ca03846298faf7169187feae6e84deaee4ae51cd2016a867b3d11c4e6ec3ae39aeb8c8ec36a885e475f3e1e47e1fa464ef9569aba053cd066907a112612de411a5be0868543116f32d0781323c744dfeef87601981afe063122bac14b9059a68d9f356e85ec04c2767cbe79e245d7916daf222b5134ce684f7dec8fc0630cc9aeb5fbc38dfd19628ece15342c941e52be8abf0d82ed7b0b4bf5e6184edcae53949ef5987fd7fc479fc9921f2f332ae68f5dde23a3dd0b4713c3d18913edd9ce59870f7d50fdf33f3d2e8e5045d35555b4db5f48946e1b8d8d682f0c2bdd2d0de6bfff349e5e826cfb2d18d7bb43347362f13f5e80619451527bf0d3cc617881ef718466bf2efcb5f1404c573df09e00a5c0d1648b04860ee20d9e79d4ebac94a35e0a4919b1ab0db9e9dbdce1324223850e2e137ebb0c0e1cd690a3c5c9f8576538cba5e3831e6ba56809644e389ee984df3ea8e4743d5d03619b713c984fe8b43c589b78715b9147384b5bb15af8898cd82b31aca722cbe7938f119251d9142f2661f09b49f99d8988c66198dfb9db7f225086bed1deffa78995a56f905a7ab978a9c557ea1ad306bc0cd1cd8e5acaec1e4430a42068adec4a73f891c8010f0271c38685ca66c36313d15ab5bb6948c089b1fccf7fbb340eb03446a9bcda34b2d14a11e09f71e799fda19dd85293e2b0e2ca3e68145b4ea5705592562962cc6c0b65c88d06067903716656a0a7742850b956b609740c913f54225ae18ffb46162d6a0c1dac8b6c59541c8ef6bfcfa87ad59cb0e8ef6ef1d7f739c0a56cf975f9cca9ee89bac15cae197d02fc72505d23ebc6153491adccd22262979d2909fb8abd25683894e5a776824b81598a833e339a582b9ce3f8d7ce59fc3147eb3e92751867ee9c3506692b25b2d7f38d97280e85c01bf6d71a602d039aec747620d33660a9d5c9cf4010d01f9cb86db4704872307942df56f04cf6c17e57612635e769218cc91da9e2de29aac4563d695a6ebe249c14ba5332b54150a291bec28417febc4c3efae9e14a0323e561dbc80e98bf71deccff5babbcdc8015ef7a86a52781a67a4915645cfb18379084c58110f1294b2e08a6994d1a3dd4fb79437a75cdb05f36a7b3fdb449c0cea5682d37e5b0217676ff7a383a19d48860476b23ccb66779093b0f6b5b6a1ff0cef503dadf5b67382b2a501d0c13d89eec496374f43fcfa751864330479e0d1f7aa0883c2aafbb5c21b06cbea3c8b515fb1f6d061e269c3de372dc48f0b1c0a935de648a0fc4a1a32ce6aaa8432240bbc977a0ece5fd60d92ba49f1443bfc83668e8251260a5b275098e4a072d44726b91d850bd9c2485cacbf2b33be73785421c2fb259b0c1c0955339713f75ca72b9bc56a7167d8a942015385eb4f1bc3e07b23a71779d043a4f420b0fd9e889d398c955f13542c811683636b71a2fb178e951e37ed5519146c5d61e697d1148458c2f224dc6911363edd1b4d30c5cb12d0e2fb035adc33656615c05266f32c2faf5144e24086c97816c87569feb1fd41775263999ff057d9832b872506aba01db7482251f65a74c66cc01b83056970f843ef58df0d89c44f9265d5bfb50c287f330795b30848341dd26683e5df82bfc1cd1a3f2df3dae99fc38edcc614b39c8a8fa6ada4b5dff08914a92b6a16b05f13bbdbdc5e9f14a08e827ee5f364ce115e12bce05122f0dea62d8dd41222fafa3c6bdecea63d3fbd0bfdef667d6ac12b6918273631bf0ec25da2783f06f77a9a0ef2490afe43f3e8b0f553c0c1078141ec0d8f426b1924bd464e4240cda50e9b8a97050360a617eb4f88baa158da8672572f641b20ab3bcbab3d38ff3c84c5c3bf309e26c8ba735503700028c0806c29e02d0a0ed73b9c5c2f2a39f57ee08b935e6e056f01733a12b08603987b14aa7fc542c65a0c03e278723127bced6ac65d2386cf847a73057d19795d5a7517e71d5e480b7380866a64da32fcd1158af9a82559898a7931535a4b75326e2769711ff857d180f16acf316130574fd37bdb658b877f06db42ab96641bc75e3d4ad7fdd9028072139dd3019b03aad32907debef345bcc57423ddfc94683884a00c5f864b8c2dd5af081fa970da251d3afc65dd360c661d8ee2ab58dc9060e2d98b39ae95bb89c319cc93c9e653bf9db205338dc5528c11a391137fe496d726f1407945b243a49a1f3a786047fc47d5e5074e0ec678f26f30cba747d50070c00323d16cff4b06089830931ca704d386140f9c201a5b50a116410be001135aeaf30d7918ccdaf35482659fbb2933e97f1a2e0fc20e6a610e37511d06d4cf931e54ce8f5ab5f688e460e3943bbbe6949a8b4ae309ee31330ece6cb9dfcae0035f3808b7295776ae7bdafffadb6113faac5cd966c2875abb7b20f1b298b48cb78c467f1be92cd3a9d0fd35b7720334274a53a6cbd041b85b6f8f9d622293f0e95a8835204de1faeb7fcdcc57fbdf0afc2e6422bc114355cb5bc979f1bf6d0fb6eb31ee98e06cdcaa1ac36ed3246d85cbdaf999da5d6a7187e8622e6d224c5549a2f2802691a08242ed44a47fc9ad627af949ec3ab5b191025ac75ee7746e2762b530a622a716edbf341e4f9e04fa5d3f77c78dcde06f3845f45c8c1954120ac5949da541882d99adbbca4b0e422e4364289ff1a903bfd1ee63faaa40ef43d3e54249909066e1727591a9632cc8440dcedf931a823e9b542d51aee43897bbbc1f652ae774c326e8400a3a6ab8d90a04e5724fb39c05875ce5afff0502bb6164bc65c107593c155da4b77f136a34c9ec39a4e70cdc4f7fec68245402b2c0fb508eac623ab41a184d3bebe5e9f24c6590c1fee571ed55a76b8554b12116a36101691397d532b46924e6ccb688ab52ffc44f8a670d542477ebd3756d6ef5373024d3f915c187a35feaf39b76453ff835f73862bad13f19e76d47c70122911431e5f71b05a9728631df66b162e708584e83349db1a68368a37cfb4e16c9987a956b3018f2f12c639bf90b5fb0f0560fa7c19887a9d12316dab9bb515cddbae2e9056a556919476b47546c0dae631a88eb8bb9da49879f56efd3d1b65d50bb01c8b4ddc20374877189915cc5824200dfac8f422364b7178f2e7799665b464ac9ec54ffd87fc8dc68e08ab178059ec02bff4ae3c683d0c96796765bdc188c1a4ef46cfa9e6376678245f8d0c907e83e6eb78ffb19e75534925b5b5bfa489fb9cd2c68f00a079c9b34dc45e76044bbfc87c75bbdc5ed0ea7ca0f249007be79116fefa74085f982f670f821ccd0bb14e1086b677f379fd1a1c96bbb4a7338e867d3f91f41b0a7eb2f1104c2ed1593691e601f2e045b3db1cac5dc0d3b302b54967558057e767c4a96f0355d97beace9fe05f0513629b2dd4e86e523d16d7e2e129264e1749b07c062d3a92d96fff5cc976855540eb441a3cef8fc59bf236c85e778b04e30fa807c3ea634af17f005fb55b55f082ca54fc154e6b9df95b951ab9612da7223efc8b63f4528dc3353a15988790d507d9fda18dc8c4adefebc12567e040fd49d2d571437bada1c08054f45545e5cb33c8db8e5b4f2d6735a7fad407fea2ac6e516016c186b7a9b5586650178b3c201eb4fcda3a22291c1f5d66557675dfc73b17edd463abd17a3ec0f1b28adeb4c294c3792c5d2665d504610d37de5dc68fa03e16243ebca169797205d2b24cd64cb1e37328530d68c9a279e36aa0c7f718831ac30607633eab2c9e1b8d6b78649a78fd573d07f0edc18d2f52da2213e2ad44a4bfb3a80ae71d8cf57a2ae2658999d542f7c46da5a30f0f4a82296d0c95e4c6f046db42a00d8631b120a64ee260bf4dbf29103d4e2233fed2ec9ae65fb109f212f967c34e0efb52f56a9a7ab4de472f9cdb0fbcd19fed42d80216c4c717e77a5e6a9118423e0a6dc9d2f3cef598fb9bed6b4e66b279ebbc265560a471d132a854ff230673e843338dcb1ae202c797cfa59dd18eb46e313f1b0dcafdb6518c1da6b08aa1c92bd433a0b65358356a8d03a454f96add1237380049b2567a24836b7bfbdfa58186f2e295e0911dcad6c5413fb36a6e637156291efc016e8513664d515d3ddba1d2c63fa6c5a3331c3cb2f5e2eaad83a75588aca785ada46973d8a2d89686a416720a8f98e1a1eaa8c95aa0bea1dad03ec69bc4bf8300a821f67db4e0c1aab57ef1d1e06880130f6ffe76297acc62879f60e03933666a0da462b7a6b584d28041a3fbafe9a08b7a4664c46b8d40ce4f31a14b122ad74cc4a003f591e019e23cf764795d4235cc8d491c58d3be78a781a708d9fda492306a5afa7c0a43f52f39cafc6a6abc850bbbfa6254fdfd5115727210e19ec8a8857c10a9e9d5cb3001c6e04132667a30a6528e8b59661b483e5365761ac0f5c61e339833b35fd8159875177ed2b78df49ef83b45584c4609562ed2e8bb9add69e88fc0774517a15575f0250d26ae8f6f138daba5311b492c986005bef123a6fc3c1912e378cae2b64e58542293489d5a0f8b582b089c1b05f3ad0aec776b9dcfc0feb1386a98b7e2e09671a73f0eca92364d7f6da861280815b71e48934bc3d321da07878290ec81d3c5c64b8d7f55c1d2e2713edbb5fef28bc36d02302b01c4c29e5df4a9692b41e8d9364e2e408c55b9b14d3ad93889a48787df0673c3df6ba3d9222ee348199aba478e2d398b1e4ae012ca19473b3454327e5bfefb3c56576b6a6c035466f7641464806e63d7086223395a58d886b0dbedd365ce840a6990f56d697605b7d0ac60809270e4e392e89413cc94cea1cb277c4aee023bf90ded9910c96eeead4c6a10ca17151c4966f84bea565746eab573e4295e564d41bc5a6cc9df38c3d7cbd4cd618bd9f292daf95472839fe71c1edc202b6b8b5b939250b089b0dc978397fbaa7533fcce0c4b2eed8ad47779aa4b21504307c7d15e0bcb01bb60e5bafabe66e4b689e4873a1067063e17ba7d647a9a047b1b4ef7350402653b564ae1b34b8597a2357891c90ca2af6b68b794680a0511279fd213eec48dfddba7cbeeb9f9335a0679b1e6db44f27b12d898575d157c2159a86f676df18858857582bffdc006d4732257ade5dde2d1b2cf316fe2a7c5b44505cc808eae5427c43d50e9b99f9317e437df2bc640351e3e8ac249c42f782d07886b6d8875c253ee0e489f1196fa604747586df87e18a893721e6cecfe61dd82daf9b3e4f1eb745c93402c121bb639c56b91bdc77262acfa55389ede1f092733d8a69ae759f82ceda537ffbf32b65138aa3e43e8883048eccf0929de8dee297c5eee97ac7633beae01198e1b00c11276502e7660cd1f59ac619200042656c6e9757b082d374c80182290845f1bc8f2589eaf96948f148ebe675ee7fdb83e32a18eade32f99cca160a4d3504c4bea9c82cfdfe1dd80fbda7c484f2c17c20eea", 0x2000, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={0x78}, 0x0, 0x0, 0x0, 0x0, 0x0}) 21.689239384s ago: executing program 4 (id=1732): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@getchain={0x24, 0x24, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x1}}}, 0x24}}, 0x0) 21.016460991s ago: executing program 1 (id=1734): socket$inet_mptcp(0x2, 0x1, 0x106) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) io_uring_setup(0x3eae, &(0x7f0000000080)) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0xfffffffd, 0x4) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto(r2, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={0x0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500780df9dddbcb538202000000ce9f00060000", @ANYRES32=r6, @ANYBLOB="0800050003000000"], 0x24}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x37}, 0x2c) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@ra={0x94, 0x4, 0x8d1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0) ioctl$UI_DEV_CREATE(r1, 0x5501) 20.637936546s ago: executing program 1 (id=1736): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r0, 0x0, 0x0, 0x1f4, 0x0, 0x0) 9.076907788s ago: executing program 3 (id=1752): r0 = socket(0x10, 0x3, 0x0) gettid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYRES16=0x0, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="c302"], 0x2e0}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2}}}]}}]}, 0x58}}, 0x0) sendmsg$nl_crypto(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)=ANY=[@ANYBLOB="f8000000130000032bbd7000fbdbdf25736d33000000000000000000000000000000000000000000005c00000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ff000000000000000000000000000000000000000000000000000000000000000000000000009756b5cc0000000000000000000000000800010006000000080001000700000008000100080000004193d771b502d359f45d6fe9f6280057050db037cd761da9bd201d37ce8c80f06ad3c796f09492bb48019698e24033faa48869329c58f25ea79c76b11d5101c8fee4324fc94623a056aef641aba4a922deb61aa6167a0cf1ddada4eb0ee58e3a62c3e7ae8d522984025bac713094e2cc21e9c2ef4bb6767c295ee493cf7f7c7eae0c4c50db355041af4c7cd6b564334cdc01c5"], 0xf8}, 0x1, 0x0, 0x0, 0x1}, 0x884) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) r7 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r7, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f000000d040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0) sendmsg(r7, 0x0, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r9 = syz_io_uring_setup(0x6aa6, &(0x7f0000000380)={0x0, 0x2c01, 0x8, 0x1, 0x8d}, &(0x7f0000000180), &(0x7f0000000300)) syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x20, 0x800, 0x2f1, 0x0, r9}, &(0x7f0000000100), &(0x7f0000000340)=0x0) syz_io_uring_setup(0xeba, &(0x7f0000000280)={0x0, 0x0, 0x80}, &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r11, r10, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0}) write(r8, &(0x7f0000000040), 0x0) ioctl$VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000080)={0xf0f046}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getgid() 7.706212497s ago: executing program 3 (id=1754): socket$inet_mptcp(0x2, 0x1, 0x106) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) io_uring_setup(0x3eae, &(0x7f0000000080)) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0xfffffffd, 0x4) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto(r2, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={0x0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500780df9dddbcb538202000000ce9f00060000", @ANYRES32=r6, @ANYBLOB="0800050003000000"], 0x24}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x37}, 0x2c) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r1, 0x5501) 7.229830317s ago: executing program 3 (id=1756): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) (async) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) (async) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a0904009a1d7a356257409400000018000480140001800a0001006c696d6974e00000040002800900010073797a3000000000b8000000050007409c000000140000008b02000000000000000000000000000a"], 0x74}}, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x90) syz_open_dev$video4linux(&(0x7f0000000500), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r3, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff3c, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r3, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff3c, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={r4}, 0x4) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001380)={@cgroup=r0, 0x0, 0x0, 0x4, &(0x7f0000000200)=[0x0], 0x1, 0x0, &(0x7f0000000240)=[0x0, 0x0], &(0x7f0000001300), &(0x7f0000001340)=[0x0, 0x0, 0x0, 0x0]}, 0x40) sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$key(0xf, 0x3, 0x2) execveat(r0, &(0x7f0000001440)='./file0\x00', &(0x7f0000001540)=[&(0x7f0000001480)='-\x00', &(0x7f00000014c0)='/}#\x00', &(0x7f0000001500)='\x00'], &(0x7f00000015c0)=[&(0x7f0000001580)='syz'], 0x100) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="1101"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) (async) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) getsockopt$inet6_int(r1, 0x29, 0x5, &(0x7f00000000c0), &(0x7f0000000180)=0x4) fanotify_init(0x0, 0x0) (async) fanotify_init(0x0, 0x0) memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0) (async) r5 = memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3', 0x0) dup(r5) (async) r6 = dup(r5) fanotify_mark(r0, 0x2, 0x40000000, r6, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000001400)) add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) (async) r7 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0xfe3a, 0xfffffffffffffffe) keyctl$read(0xb, r7, &(0x7f0000000300)=""/4096, 0x1000) (async) keyctl$read(0xb, r7, &(0x7f0000000300)=""/4096, 0x1000) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @remote, 0x2}, 0x1c) connect$inet(0xffffffffffffffff, 0x0, 0x0) 7.032416816s ago: executing program 3 (id=1757): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd(0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="1e20070000000000c099"], 0xa) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0xc2}}}, 0x4) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f0000000a40)={0x0, 'macsec0\x00'}) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04fdcb0500e6d6006cad8d7a549c5f76109e299ea7f666daa4a63971f4b2774c2ede1ae5cbacd02d35e437d591deadf000b8c7331ad51fc198bd5bbc26cc0fdb98811616758b2cb2bc659a9ad9c036b9d1974cfb7e195384974014982c93ab30e9ae380cd7e4fc0872571eb4e98cc4a18361f95b907f60f02de5f2d3c2457d4a8f09331bd64552f77eee73c36c9a3163c1301dfc573cc01e2e35829d21b9318e37b47f61b72a600c58b44a8bafad268f97a78b068a9896fe135498eb3dbbf4d0538d63b6338115c821e982834481e376927f5ab446c2012839527e0456e4240f8eeb39e62e31"], 0xce) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x96, 0xc8, 0x3}}}, 0x7) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 6.234815386s ago: executing program 0 (id=1702): syz_open_dev$evdev(&(0x7f0000000a00), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') ioctl$EVIOCGRAB(r0, 0x400445a0, &(0x7f0000000440)) r1 = creat(0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000a40)=ANY=[@ANYBLOB="c80000000002010400000000000000000a0000003c0001800c00028005000100010000002c00018014000300fc00000000000000000000000000000014000400fe8800000000000000000000000000013c0003800c00028005000100000000002c00018014000300fc00000000000000000000000000000014000400000000000000000000000000000000013c0002800c00028005000100000000002c00018014000300fe8000000000000000000000000000bb14000400ff020000000000000000000000000001dca434bda38c8debb471848e24273996e2a4ec02935b7ea8d361fbb01c76227bdd4d47049e886493583398d423b4633090904a7c31f64bd68c751592360c55f877cc16795ada1d90a2816d118cbaffbc3d5097910ce7fb88c17c609fb87d670d69ba84e3a6f843d978c8ccc6a54321c6b2c4707692b2da6564c48918495276ee184885c5f3357168b4d3aa97c14baf27e537446655354950883a471d94c4bb4abbdad3ab13731e400d5853cec460859b666f6f4cb427c3e16cfb3ba88c49021a768a6579482607f9625e8d071d2fe846948630b76f012c11d929163c0d49e212b59274cca6fabc8aa1591b8a440b22de9e1b232222b3a8b6618a0e92ef8f1e0fc29d1f251c81e79952a8ec10006335623bfb5f9370a87d881033f364d685255ac14b6c9cddd342406f82d2c21774ec27357856eed7ec90429e77531af246960266c754b0b50bfe228b289474041ca12f715db62b25970a5c8dc9bb90d4c359e1855e0de8d8d9"], 0xc8}}, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x45c, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9ef048332f3fcc797076f8c02858548418e34a9967282de2eb4cc6438f0b6c9dcc204cdd732dd88624b39c16e8f80819cb72be6ab07492ed05ade4caf1ae3d723830523e32c02786c50ac1f47b994ed49fc4b9b318a4c86b4f7fb0d3c6a8763ef27cd52936cc55ef5ac50935a7f706464be90ea4b5f894ad92910de17889a6236a4bda8aac5e1daa70a8fcf248360cdd4e86f854f23e3e4792d91c85f1ed6cf7c36bbe9d879fc86b55e55e0566b6451aad55b1b2"}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r3, 0xc0a85322, &(0x7f0000000100)={{0x0, 0x80}}) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f00000006c0)=0x1, 0x4) tkill(0x0, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f0000000040)={'pimreg0\x00'}) sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r1, &(0x7f00000005c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x8800) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) open(&(0x7f0000000740)='./file0\x00', 0x12000, 0x12) sendto$inet6(r5, 0x0, 0x0, 0x400ad00, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev}, 0x1c) sendto$inet6(r5, 0x0, 0x2, 0x0, 0x0, 0x0) syz_usb_connect$cdc_ncm(0x0, 0xaa, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x98, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6, 0x24, 0x1a, 0x9c4c}, [@country_functional={0x10, 0x24, 0x7, 0x80, 0x0, [0x0, 0xfffe, 0x0, 0x0, 0x6]}, @call_mgmt={0x5}, @mdlm_detail={0x27, 0x24, 0x13, 0x0, "d9f62b8b787a06263152755fc26d0ffd3185cc6f4ec2b3ca3f875b6e356f9c5682cf3d"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x0, 0x3}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0x0, 0x1}}}}}}}]}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x34, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x60, 0xc, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x34, 0x3, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x24, 0xb, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0xdc}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 4.329321173s ago: executing program 0 (id=1760): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000005000)=""/102381, 0x18fed}], 0x1, 0x0, 0x0) getpid() socket$inet_sctp(0x2, 0x1, 0x84) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_audit(0x10, 0x3, 0x9) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000080)={'wg0\x00', 0x0}) sendmsg$WG_CMD_GET_DEVICE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="270300000000000000000000000008000100", @ANYRES32=r5], 0x1c}}, 0x0) ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0x3) ioctl$TUNSETLINK(r1, 0x400454cd, 0x6) 4.177189487s ago: executing program 3 (id=1761): r0 = socket(0x10, 0x3, 0x0) gettid() bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYRES16=0x0, @ANYRES32=r3, @ANYRES32=0x0, @ANYBLOB="c302"], 0x2e0}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r4, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x800) r5 = socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x58, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x2c, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2}}}]}}]}, 0x58}}, 0x0) sendmsg$nl_crypto(r0, &(0x7f0000000580)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000540)={&(0x7f0000000700)=ANY=[@ANYBLOB="f8000000130000032bbd7000fbdbdf25736d33000000000000000000000000000000000000000000005c00000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e3ff000000000000000000000000000000000000000000000000000000000000000000000000009756b5cc0000000000000000000000000800010006000000080001000700000008000100080000004193d771b502d359f45d6fe9f6280057050db037cd761da9bd201d37ce8c80f06ad3c796f09492bb48019698e24033faa48869329c58f25ea79c76b11d5101c8fee4324fc94623a056aef641aba4a922deb61aa6167a0cf1ddada4eb0ee58e3a62c3e7ae8d522984025bac713094e2cc21e9c2ef4bb6767c295ee493cf7f7c7eae0c4c50db355041af4c7cd6b564334cdc01c5"], 0xf8}, 0x1, 0x0, 0x0, 0x1}, 0x884) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003c40)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c, 0x0}}], 0x1, 0x0) r7 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r7, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f000000d040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x3c}}, 0x0) sendmsg(r7, 0x0, 0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) r9 = syz_io_uring_setup(0x6aa6, &(0x7f0000000380)={0x0, 0x2c01, 0x8, 0x1, 0x8d}, &(0x7f0000000180), &(0x7f0000000300)) syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x20, 0x800, 0x2f1, 0x0, r9}, &(0x7f0000000100), &(0x7f0000000340)=0x0) syz_io_uring_setup(0xeba, &(0x7f0000000280)={0x0, 0x0, 0x80}, &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r11, r10, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0}) write(r8, &(0x7f0000000040), 0x0) ioctl$VIDIOC_S_CTRL(r8, 0xc008561c, &(0x7f0000000080)={0xf0f046}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) getgid() 3.966788365s ago: executing program 4 (id=1733): r0 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f00000004c0)=0x2, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) syz_emit_vhci(&(0x7f0000000680)=ANY=[@ANYBLOB="043e320d02"], 0x35) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) quotactl_fd$Q_SETINFO(r0, 0xffffffff80000602, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB], 0xc3}, 0x1, 0x100000000000000}, 0x0) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x5c, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x2, r3}) set_mempolicy(0x6005, &(0x7f0000000080)=0xffffffffffff7ffd, 0x2) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="010000ff0200000000000000ca"]) syz_clone3(&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000740)=[0xffffffffffffffff], 0x1}, 0x58) 3.66512659s ago: executing program 2 (id=1762): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x3, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_AF_SPEC={0x4}]}, 0x38}, 0x1, 0x2}, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b707000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b5090800000000007baaf0ff00000000bd8a00000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018270000", @ANYRES32=r2, @ANYBLOB="000000000000524fde560000000000004608f0ff76000000bf9100000000680104000023709d00008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.506236611s ago: executing program 0 (id=1763): socket$inet_mptcp(0x2, 0x1, 0x106) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) io_uring_setup(0x3eae, &(0x7f0000000080)) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0xfffffffd, 0x4) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto(r2, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={0x0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500780df9dddbcb538202000000ce9f00060000", @ANYRES32=r6, @ANYBLOB="0800050003000000"], 0x24}}, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'rr\x00', 0x37}, 0x2c) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r1, 0x5501) 3.35839426s ago: executing program 2 (id=1764): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) io_setup(0x5, &(0x7f0000000000)) 2.933305191s ago: executing program 2 (id=1765): syz_emit_ethernet(0x4d0, &(0x7f00000004c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000008100000086dd60ea382704962f0000000000000000000000000000000001fe8000000000000000000000000000000420880b0000000000000800000086dd34a09e4e79e717a4d0dcb9770f59945aade78d9549b1fd990f232f0619197b747fcdeb83f586ba83e523dbc6ba5b1cba9a691d80c041011c9e0bc642f47934a1747b59ba8a263ed7e283d281b37aea191356851bad789eeb8b63b2c5b91373bc8f1166154c91a44f02bb2d87db08904c06ccc3496458ace4040ed4fe9916f748e363f4e71ff815b74521a1405beb319af9c5b775bbea787c7b9e68933cb4909aa409fd009a78e45ffdaa5ce6ad5e3ca26e0fee664967dbbe7ad84728d4d36b47082f0d01d0f16daae177f6d81094164d07dc1297d00d42608a8f5ac750917745588b6aca183bb2f6245db83226bd859ea3d64d053a15ac9cdf894f2fa4b4b126feca95d58e4bbbe6be1c4bb522ff4ba11ef6c63478813cc2e103ea351d475b81ed1603fb2f485c10d6f8bc2deec37e906af542b4eced6b80c86ee9740eb2f2007b3e98728ca966fca6a9ac551298e996452f4861db2309a30d1cdf58ec08f78971398cc73c85cab220121d18e5f17a8e5c2211e29cd5be11d064ef42a196865a9f9692de67cfa270760fae0ded908defefabb0b87e9aacc7b78479b3f33715ad7794dc77345afc4869168e5d5ee44c88cd675b60a500bfc4b035cf4c4ac779a1ff59f2881f3dcc553e2aa22b584f0d454b69f5633b6936ef4fc45f0a57"], 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x282, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3"}) set_mempolicy(0x6, &(0x7f0000000000)=0x3, 0xf5) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) openat$sequencer(0xffffff9c, &(0x7f0000000040), 0x100, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0}, 0x90) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x401d031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 2.843587276s ago: executing program 0 (id=1766): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000080)) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=ANY=[@ANYBLOB="38000000180001000000000000000000020000000000000900000000060015000200000014001680100008800c000180050001"], 0x38}}, 0x0) 2.698214972s ago: executing program 4 (id=1767): ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000000)={0x1d, r1, 0x1, {0x0, 0x0, 0x4}, 0xfe}, 0x18) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x3, &(0x7f0000000000)=[{0x3d}, {0x1}, {0x6, 0x0, 0x0, 0x7}]}) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r3, &(0x7f0000000140)={&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @remote, 0x5}, 0x80, 0x0}, 0x20000000) sendmsg$kcm(r3, &(0x7f0000002ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86a9}, 0x20000000) openat$cgroup_type(r2, &(0x7f00000000c0), 0x2, 0x0) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCL_SETSEL(r4, 0x5452, &(0x7f0000000100)) rmdir(&(0x7f0000000700)='./cgroup/../file0\x00') r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) write$FUSE_BMAP(r4, &(0x7f0000000280)={0x18, 0x0, 0x0, {0x5}}, 0x18) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x48, r6, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_PEERS={0x8, 0x8, 0x0, 0x1, [{0x4, 0x0, 0x0, 0x0}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r8}]}, 0x48}}, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000001140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r10 = accept4(r9, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_LIST(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x28, 0x7, 0x6, 0x0, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}}, 0x0) sendto$inet6(r4, &(0x7f00000003c0)="8c7c788bfb94000000243c03b1d9eb5571222bb7261e5fe09cedba815fd3d0549c31e2f41486fc559374cbc926b200000000", 0x44, 0x8000, 0x0, 0x5b) sendmsg$nl_route(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000040)=ANY=[], 0x38}}, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 2.441695555s ago: executing program 0 (id=1768): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) r0 = socket$inet6(0xa, 0x3, 0xff) syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd6000000000103afffe8000000000000000000000000800bbff02000000000000000000d8ed94a00186009078ff00000200000000000000003a1108df859474c71d4da595765e25aeeaa2d86ed2da9595b37db2cfc3a10d15b1c5e46116d6cc917d432227dd79660503bb8a970b9216033db8b4298d8071b8100729dc70dfda9a3bb5c17a9b709c78e536ce262c7c57ed4c73e23a771bdbe1ceca98d4a0cfd6086f6dbcfa5b0d"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x8d}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(r1, 0x0, &(0x7f0000000040)=0x6) futex(&(0x7f0000001300)=0x80000001, 0x800000000006, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x54, &(0x7f0000000140)}) prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='l%\x86\xce6\xdb\f\xcf\x19|\xc9O\x7f\xce\x8f\x7f\x1c\xeay\x06\x00\x00\x00\a0\r\x13\xaa\x84r\xd7^\xe82\x0f\x1a\xf1\x02\x00\x1e&{\xee2\x95I\xca\xbevl\x12\xb6 \xd4') prctl$PR_SET_SECCOMP(0x10, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='map_files\x00') getdents64(r2, &(0x7f0000002f40)=""/4098, 0x1002) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x16, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x87, 0x0, 0x0, 0x0, 0x5}, [@exit, @btf_id={0x18, 0x6, 0x3, 0x0, 0x4}, @ringbuf_query, @ringbuf_query, @tail_call, @call={0x85, 0x0, 0x0, 0x12}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000100)={0x0, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000300)=[{0x5, 0x9, 0x4, 0x4}, {0x1, 0x5, 0x9, 0x3}], 0x10, 0x1}, 0x90) accept4$packet(r2, &(0x7f00000002c0), &(0x7f00000003c0)=0x14, 0x0) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) signalfd(0xffffffffffffffff, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000500)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000300)=""/159) getuid() socket(0x10, 0x2, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x3, &(0x7f0000000080)=[{0x15, 0x0, 0x1}, {0x4, 0x0, 0x0, 0x7}, {0x6, 0x0, 0x0, 0x6}]}) 2.209196393s ago: executing program 3 (id=1769): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd(0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="1e20070000000000c099"], 0xa) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_hardware_error={{0x10, 0x1}, {0xc2}}}, 0x4) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f0000000a40)={0x0, 'macsec0\x00'}) syz_emit_vhci(&(0x7f0000000040)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04fdcb0500e6d6006cad8d7a549c5f76109e299ea7f666daa4a63971f4b2774c2ede1ae5cbacd02d35e437d591deadf000b8c7331ad51fc198bd5bbc26cc0fdb98811616758b2cb2bc659a9ad9c036b9d1974cfb7e195384974014982c93ab30e9ae380cd7e4fc0872571eb4e98cc4a18361f95b907f60f02de5f2d3c2457d4a8f09331bd64552f77eee73c36c9a3163c1301dfc573cc01e2e35829d21b9318e37b47f61b72a600c58b44a8bafad268f97a78b068a9896fe135498eb3dbbf4d0538d63b6338115c821e982834481e376927f5ab446c2012839527e0456e4240f8eeb39e62e31"], 0xce) syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_disconn_complete={{0x5, 0x4}, {0x96, 0xc8, 0x3}}}, 0x7) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 1.710520318s ago: executing program 4 (id=1770): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffed7, &(0x7f00000001c0)=0x5) eventfd2(0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x2) r1 = socket$pppoe(0x18, 0x1, 0x0) ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f00000000c0)) ioctl$PPPOEIOCSFWD(r1, 0x4008b100, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r3, 0x9, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f000001aa80)='cgroup.freeze\x00', 0x275a, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r5, 0xfff) syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x5e, &(0x7f0000000300)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, {[@md5sig={0x1d, 0x12, "4c72c74590cd07156b723813e6d31ac4"}]}}}}}}}}, 0x0) write$binfmt_elf64(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c460000000600"/23], 0x78) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) setitimer(0x0, &(0x7f0000000000)={{0x0, 0x2710}}, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) socket$tipc(0x1e, 0x2, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x1}) socket$nl_route(0x10, 0x3, 0x0) 1.475992822s ago: executing program 1 (id=1738): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = io_uring_setup(0x30d3, &(0x7f0000000240)) close_range(r4, 0xffffffffffffffff, 0x0) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x800) io_setup(0x9, &(0x7f0000000180)) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000480)=@newqdisc={0x8c, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x5}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffbfffd, {0x0, 0x0, 0x96, 0x0, 0x0, 0x4}}}}, @qdisc_kind_options=@q_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0x2, 0x7}}]}, 0x8c}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) kexec_load(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)) read$FUSE(0xffffffffffffffff, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) io_getevents(0x0, 0x10000, 0x3, &(0x7f0000000400)=[{}, {}, {}], &(0x7f0000000000)={0x77359400}) bind$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x0, 0x0, 0xc}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect(0x0, 0x3f, &(0x7f0000002000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d000110000000090400", @ANYRESDEC=0x0], 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000300)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mprotect(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000066c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0xb, 0x0, 0x0, r3, {}, {}, {0xd}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_DIVISOR={0x8}]}}]}, 0x3c}}, 0x0) 1.027582488s ago: executing program 2 (id=1771): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = epoll_create1(0x0) epoll_pwait2(r0, &(0x7f0000000140)=[{}], 0x1, &(0x7f00000001c0), &(0x7f0000000240), 0x8) r1 = socket$can_bcm(0x1d, 0x2, 0x2) sendmsg$can_bcm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) 1.027077844s ago: executing program 4 (id=1772): r0 = socket$igmp6(0xa, 0x3, 0x2) sendmsg$inet6(r0, &(0x7f0000000480)={&(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0}, 0x4000816) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000ac0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) (async) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r4, 0x10e, 0xc, &(0x7f0000000640)=0x4, 0x4) sendmsg$netlink(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000680)={0x2c, 0x12, 0x1, 0x0, 0x0, "", [@nested={0x10, 0x0, 0x0, 0x0, [@typed={0xc, 0x0, 0x0, 0x0, @u64}]}, @typed={0xc, 0x3, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0) sendmmsg$unix(r3, &(0x7f0000000a80)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)="fb", 0x1}, {&(0x7f0000000000)="7df96d9198953cb7bf2bc0a3b28751a1", 0x10}], 0x2}}], 0x1, 0x0) syz_emit_ethernet(0x86, &(0x7f00000010c0)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x5, 0x4, 0x0, @broadcast=0x1000000, {0x17, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @private, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@remote, 0x4e210000}]}, @timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@multicast1}, {}, {@dev}, {@private}, {@empty}, {@initdev={0xac, 0x1e, 0x0, 0x0}}, {@empty}]}]}}}}}}}, 0x0) recvmmsg(r3, &(0x7f0000000980)=[{{&(0x7f0000000040)=@un=@abs, 0x80, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/150, 0x96}, {&(0x7f0000000100)=""/2, 0x2}, {&(0x7f0000000340)=""/240, 0xf0}, {&(0x7f0000000440)=""/176, 0xb0}, {&(0x7f0000000280)=""/39, 0x27}, {&(0x7f0000000500)=""/83, 0x53}], 0x6, &(0x7f0000000b40)=""/4096, 0x1000}, 0x5}, {{&(0x7f00000005c0)=@in={0x2, 0x0, @private}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000640)=""/154, 0x9a}, {&(0x7f0000000700)=""/50, 0x32}, {&(0x7f0000000740)=""/48, 0x30}, {&(0x7f00000007c0)=""/187, 0xbb}], 0x4, &(0x7f00000008c0)=""/165, 0xa5}, 0x6}], 0x2, 0x183, 0x0) (async) recvmmsg(r3, &(0x7f0000000980)=[{{&(0x7f0000000040)=@un=@abs, 0x80, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/150, 0x96}, {&(0x7f0000000100)=""/2, 0x2}, {&(0x7f0000000340)=""/240, 0xf0}, {&(0x7f0000000440)=""/176, 0xb0}, {&(0x7f0000000280)=""/39, 0x27}, {&(0x7f0000000500)=""/83, 0x53}], 0x6, &(0x7f0000000b40)=""/4096, 0x1000}, 0x5}, {{&(0x7f00000005c0)=@in={0x2, 0x0, @private}, 0x80, &(0x7f0000000880)=[{&(0x7f0000000640)=""/154, 0x9a}, {&(0x7f0000000700)=""/50, 0x32}, {&(0x7f0000000740)=""/48, 0x30}, {&(0x7f00000007c0)=""/187, 0xbb}], 0x4, &(0x7f00000008c0)=""/165, 0xa5}, 0x6}], 0x2, 0x183, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0xffffffffffffff0c, &(0x7f0000000780)={&(0x7f0000000580)=@ipv4_newroute={0x38, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x5}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_CLASS={0x6}}}}]}, 0x38}}, 0x0) 817.402391ms ago: executing program 2 (id=1773): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newlink={0x38, 0x10, 0x3, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_AF_SPEC={0x4}]}, 0x38}, 0x1, 0x2}, 0x0) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b707000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b5090800000000007baaf0ff00000000bd8a00000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018270000", @ANYRES32=r2, @ANYBLOB="000000000000524fde560000000000004608f0ff76000000bf9100000000680104000023709d00008500000000000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 745.772175ms ago: executing program 4 (id=1774): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000a80), 0x0, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r1, 0x541b, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd(0x0) syz_emit_vhci(&(0x7f0000000040)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x0, 0xc8, 0x2}}}, 0x7) syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @inquiry_info={{}, {0x0, [{@any, 0x2, 0x4, 0x80, "0cee66", 0x101}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x5, 0x10, 0x0, "777493", 0x6}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x5, 0x6d, 0x1, "991065", 0x80}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x9, 0xff, 0xd5, "b3827a", 0xe17e}]}}}, 0x4) syz_emit_vhci(&(0x7f0000000100)=@HCI_VENDOR_PKT={0xff, 0x80}, 0x2) syz_emit_vhci(0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) openat$pidfd(0xffffffffffffff9c, 0x0, 0x0, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0) r5 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f0000000a40)={0x0, 'macsec0\x00'}) syz_emit_vhci(&(0x7f00000001c0)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x1, 0x3, 0x2d}, @l2cap_cid_signaling={{0x29}, [@l2cap_conf_req={{0x4, 0x2, 0x25}, {0x800, 0xfff, [@l2cap_conf_efs={0x6, 0x10, {0x4, 0x1, 0x7, 0x4, 0x9, 0x539}}, @l2cap_conf_rfc={0x4, 0x9, {0x3, 0x2, 0x9, 0xe91, 0x4, 0x71c}}, @l2cap_conf_flushto={0x2, 0x2, 0xb}]}}]}}, 0x32) syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_features={{0xb, 0xb}, {0x0, 0xc9, "4bddfc52fd3a5399"}}}, 0xe) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="0405049fcf33a2eeb9c59af4471c1d6d2c272d21dd571d2ec4665ec248785fbca26badc4f984c3a6a61cd8c71ce465b0210f22ee4a4ff8aa394360f23300756b8e85e6c138ed8d582041adbedf960e"], 0x7) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 469.042529ms ago: executing program 2 (id=1775): socket$inet_mptcp(0x2, 0x1, 0x106) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3}) io_uring_setup(0x3eae, &(0x7f0000000080)) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x3) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'}) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0xfffffffd, 0x4) connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) sendto(r2, &(0x7f00000002c0)='%', 0x300000, 0x0, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={0x0}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0500780df9dddbcb538202000000ce9f00060000", @ANYRES32=r6, @ANYBLOB="0800050003000000"], 0x24}}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local, {[@ra={0x94, 0x4, 0x8d1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) ioctl$UI_DEV_CREATE(r1, 0x5501) 0s ago: executing program 0 (id=1776): r0 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f00000004c0)=0x2, 0x4) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) io_setup(0x0, 0x0) syz_emit_vhci(&(0x7f0000000680)=ANY=[@ANYBLOB="043e320d02"], 0x35) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) quotactl_fd$Q_SETINFO(r0, 0xffffffff80000602, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6400000010000305160000000000000000008847", @ANYRES32=0x0, @ANYBLOB], 0xc3}, 0x1, 0x100000000000000}, 0x0) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x5c, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[], 0xa0}}, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x2, r3}) set_mempolicy(0x6005, &(0x7f0000000080)=0xffffffffffff7ffd, 0x2) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f0000000240)=ANY=[@ANYBLOB="010000ff0200000000000000ca"]) syz_clone3(&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000740)=[0xffffffffffffffff], 0x1}, 0x58) kernel console output (not intermixed with test programs): fter parsing attributes in process `syz.0.1520'. [ 750.733643][ T952] hsr_slave_0: left promiscuous mode [ 750.772442][ T952] hsr_slave_1: left promiscuous mode [ 750.823504][ T952] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 750.843627][ T952] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 750.901547][ T952] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 750.938524][ T952] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 751.042245][ T952] veth1_macvtap: left promiscuous mode [ 751.070135][ T952] veth0_macvtap: left promiscuous mode [ 751.079385][ T952] veth1_vlan: left promiscuous mode [ 751.094150][ T952] veth0_vlan: left promiscuous mode [ 751.484236][ T5173] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 751.684237][ T5173] usb 1-1: Using ep0 maxpacket: 32 [ 751.696270][ T5173] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 751.719475][ T5173] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 751.733431][ T5173] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 751.753463][ T5173] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 751.773479][ T5173] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 751.786854][ T5173] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 751.796335][ T5173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 751.805099][ T5173] usb 1-1: Product: syz [ 751.809479][ T5173] usb 1-1: Manufacturer: syz [ 751.814634][ T5173] usb 1-1: SerialNumber: syz [ 752.152951][ T952] team0 (unregistering): Port device team_slave_1 removed [ 752.208618][ T952] team0 (unregistering): Port device team_slave_0 removed [ 752.324285][ T5092] Bluetooth: hci3: command tx timeout [ 752.391688][ T29] kauditd_printk_skb: 64 callbacks suppressed [ 752.391705][ T29] audit: type=1326 audit(1720293684.860:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13975 comm="syz.2.1529" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x0 [ 753.067716][ T5173] cdc_ncm 1-1:1.0: bind() failure [ 753.084955][T13903] chnl_net:caif_netlink_parms(): no params data found [ 753.100525][ T5173] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 753.141738][ T5173] cdc_ncm 1-1:1.1: bind() failure [ 753.186803][ T5173] usb 1-1: USB disconnect, device number 39 [ 753.396195][T13987] program syz.4.1531 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 753.630328][T13994] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1533'. [ 753.912763][T14003] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1533'. [ 754.006333][T13903] bridge0: port 1(bridge_slave_0) entered blocking state [ 754.031585][T13903] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.050054][T13903] bridge_slave_0: entered allmulticast mode [ 754.071942][T13903] bridge_slave_0: entered promiscuous mode [ 754.120844][T14007] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1534'. [ 754.133624][T13903] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.171102][T13903] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.212072][T13903] bridge_slave_1: entered allmulticast mode [ 754.248958][T13903] bridge_slave_1: entered promiscuous mode [ 754.408410][ T5092] Bluetooth: hci3: command tx timeout [ 754.449036][T13903] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 754.535519][T13903] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 754.740205][T13903] team0: Port device team_slave_0 added [ 754.784897][T13903] team0: Port device team_slave_1 added [ 754.864560][ T5154] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 754.947963][T13903] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 754.983595][T13903] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 755.030345][T13903] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 755.049817][T14022] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1538'. [ 755.089571][ T5154] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 755.093093][T13903] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 755.105195][ T5154] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.136702][ T5154] usb 5-1: config 0 descriptor?? [ 755.157793][T13903] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 755.216107][T13903] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 755.311989][T13903] hsr_slave_0: entered promiscuous mode [ 755.328834][T13903] hsr_slave_1: entered promiscuous mode [ 755.345908][T13903] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 755.353535][T13903] Cannot create hsr debugfs directory [ 755.382960][ T29] audit: type=1326 audit(1720293687.850:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.420891][ T29] audit: type=1326 audit(1720293687.850:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.474255][ T5155] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 755.501364][ T29] audit: type=1326 audit(1720293687.850:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.550198][ T29] audit: type=1326 audit(1720293687.860:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.550686][ T5151] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 755.594279][ T29] audit: type=1326 audit(1720293687.860:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.674326][ T5155] usb 1-1: Using ep0 maxpacket: 32 [ 755.694232][ T29] audit: type=1326 audit(1720293687.860:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.694718][ T5155] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 755.796584][ T29] audit: type=1326 audit(1720293687.860:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.828808][ T5155] usb 1-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 755.844617][ T5151] usb 4-1: Using ep0 maxpacket: 32 [ 755.866204][ T5151] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 755.893366][ T5155] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 755.901836][ T5151] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 755.904580][ T29] audit: type=1326 audit(1720293687.860:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 755.946604][ T5151] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 755.975277][ T5155] usb 1-1: config 0 descriptor?? [ 755.999253][ T5155] usb 1-1: bad CDC descriptors [ 756.016471][ T5151] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 756.040043][ T29] audit: type=1326 audit(1720293687.860:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14037 comm="syz.2.1542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf742e579 code=0x7ffc0000 [ 756.084948][ T5151] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 756.138351][ T5151] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 756.156707][ T5151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.193018][ T5151] usb 4-1: Product: syz [ 756.220760][ T5151] usb 4-1: Manufacturer: syz [ 756.245139][ T58] usb 1-1: USB disconnect, device number 40 [ 756.269860][ T5154] usb 5-1: Cannot read MAC address [ 756.287965][ T5151] usb 4-1: SerialNumber: syz [ 756.321728][ T5154] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 756.375494][ T5154] usb 5-1: USB disconnect, device number 67 [ 756.474950][ T5092] Bluetooth: hci3: command tx timeout [ 756.571361][ T5151] cdc_ncm 4-1:1.0: bind() failure [ 756.614397][ T5151] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 756.623865][ T5151] cdc_ncm 4-1:1.1: bind() failure [ 756.626025][T14040] FAULT_INJECTION: forcing a failure. [ 756.626025][T14040] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 756.686143][ T5151] usb 4-1: USB disconnect, device number 45 [ 756.690563][T14040] CPU: 1 PID: 14040 Comm: syz.2.1543 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 756.702449][T14040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 756.712530][T14040] Call Trace: [ 756.715825][T14040] [ 756.718861][T14040] dump_stack_lvl+0x241/0x360 [ 756.723573][T14040] ? __pfx_dump_stack_lvl+0x10/0x10 [ 756.728800][T14040] ? __pfx__printk+0x10/0x10 [ 756.733409][T14040] should_fail_ex+0x3b0/0x4e0 [ 756.738117][T14040] prepare_alloc_pages+0x1da/0x5d0 [ 756.743253][T14040] __alloc_pages_noprof+0x166/0x6c0 [ 756.748464][T14040] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 756.754225][T14040] alloc_pages_mpol_noprof+0x3e8/0x680 [ 756.759734][T14040] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 756.765765][T14040] ? xas_load+0x58d/0x5c0 [ 756.770138][T14040] ? mpol_shared_policy_lookup+0x148/0x1f0 [ 756.775965][T14040] shmem_alloc_and_add_folio+0x24d/0xdb0 [ 756.781629][T14040] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 756.787798][T14040] ? filemap_map_pages+0x24f/0x1e70 [ 756.793103][T14040] ? __pfx_lock_release+0x10/0x10 [ 756.798143][T14040] shmem_get_folio_gfp+0x82d/0x1f50 [ 756.803355][T14040] ? mark_lock+0x9a/0x350 [ 756.807689][T14040] ? __pfx_lock_acquire+0x10/0x10 [ 756.812736][T14040] ? filemap_map_pages+0x18e0/0x1e70 [ 756.818305][T14040] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 756.823945][T14040] shmem_fault+0x252/0x6f0 [ 756.828394][T14040] ? __pfx_shmem_fault+0x10/0x10 [ 756.833351][T14040] ? __pfx_lock_release+0x10/0x10 [ 756.838375][T14040] ? pte_offset_map_nolock+0x137/0x1f0 [ 756.843848][T14040] __do_fault+0x135/0x460 [ 756.848180][T14040] ? handle_pte_fault+0x222c/0x7090 [ 756.853394][T14040] handle_pte_fault+0x3d15/0x7090 [ 756.858427][T14040] ? __pfx_validate_chain+0x10/0x10 [ 756.863655][T14040] ? __pfx_handle_pte_fault+0x10/0x10 [ 756.869076][T14040] ? __lock_acquire+0x1346/0x1fd0 [ 756.874160][T14040] ? __pfx_lock_release+0x10/0x10 [ 756.879316][T14040] handle_mm_fault+0x10df/0x1ba0 [ 756.884298][T14040] ? __pfx_handle_mm_fault+0x10/0x10 [ 756.889620][T14040] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 756.895962][T14040] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 756.901285][T14040] exc_page_fault+0x2b9/0x8c0 [ 756.905992][T14040] asm_exc_page_fault+0x26/0x30 [ 756.910937][T14040] RIP: 0010:strnlen_user+0xab/0x200 [ 756.916140][T14040] Code: 32 ae fc 48 89 d8 4c 01 f8 0f 88 4c 01 00 00 4c 39 f8 0f 82 43 01 00 00 48 89 6c 24 08 0f 01 cb 0f ae e8 4c 89 f8 48 83 e0 f8 <48> 8b 28 45 89 fc 41 83 e4 07 42 8d 0c e5 00 00 00 00 48 c7 c0 ff [ 756.935926][T14040] RSP: 0018:ffffc90008d97e50 EFLAGS: 00050202 [ 756.942099][T14040] RAX: 0000000020003340 RBX: 00000000000000fa RCX: ffff888026f11e00 [ 756.950086][T14040] RDX: 0000000000000000 RSI: 0000000020003340 RDI: 000000002000343a [ 756.958345][T14040] RBP: 00000000000000fa R08: ffffffff84e7f734 R09: 1ffffffff1f5a92d [ 756.966336][T14040] R10: dffffc0000000000 R11: fffffbfff1f5a92e R12: 000000002000343a [ 756.974331][T14040] R13: 0000000000000010 R14: dffffc0000000000 R15: 0000000020003340 [ 756.982330][T14040] ? strnlen_user+0x84/0x200 [ 756.986961][T14040] __se_sys_memfd_create+0x20a/0x850 [ 756.992280][T14040] __do_fast_syscall_32+0xb4/0x120 [ 756.997413][T14040] ? exc_page_fault+0x590/0x8c0 [ 757.002273][T14040] do_fast_syscall_32+0x34/0x80 [ 757.007148][T14040] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 757.013552][T14040] RIP: 0023:0xf742e579 [ 757.017636][T14040] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 757.037357][T14040] RSP: 002b:00000000f5d4757c EFLAGS: 00000206 ORIG_RAX: 0000000000000164 [ 757.045949][T14040] RAX: ffffffffffffffda RBX: 0000000020003340 RCX: 0000000000000000 [ 757.053946][T14040] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 757.061945][T14040] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 757.070098][T14040] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 757.078103][T14040] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 757.086123][T14040] [ 757.708575][ T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 757.765088][T14065] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1547'. [ 758.056323][ T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.403621][ T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.504439][T13903] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 758.631577][ T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 758.713335][ T29] kauditd_printk_skb: 6 callbacks suppressed [ 758.713357][ T29] audit: type=1326 audit(1720293691.180:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14063 comm="syz.0.1545" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x0 [ 758.754999][T13903] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 758.810440][T13903] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 758.890337][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 758.901821][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 758.920384][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 758.934523][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 758.952236][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 758.964480][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 758.987763][T13903] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 759.131421][ T29] audit: type=1326 audit(1720293691.600:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.221945][ T29] audit: type=1326 audit(1720293691.600:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.279982][ T29] audit: type=1326 audit(1720293691.640:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.392020][ T29] audit: type=1326 audit(1720293691.650:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.443068][ T5102] Bluetooth: hci2: unexpected event 0x0f length: 17 > 4 [ 759.455762][ T29] audit: type=1326 audit(1720293691.650:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.526254][ T63] bridge_slave_1: left allmulticast mode [ 759.542358][ T63] bridge_slave_1: left promiscuous mode [ 759.551580][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.605893][ T63] bridge_slave_0: left allmulticast mode [ 759.614145][ T63] bridge_slave_0: left promiscuous mode [ 759.631113][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 759.633061][ T29] audit: type=1326 audit(1720293691.650:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.707289][ T29] audit: type=1326 audit(1720293691.650:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.735561][ T29] audit: type=1326 audit(1720293691.650:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.759769][ T29] audit: type=1326 audit(1720293691.650:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14089 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 759.894577][ T5154] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 759.944188][ T5152] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 760.114885][ T5154] usb 4-1: Using ep0 maxpacket: 32 [ 760.123244][ T5154] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 760.140362][ T5152] usb 3-1: Using ep0 maxpacket: 16 [ 760.145722][ T5154] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 760.173241][ T5152] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 760.174379][ T5154] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 760.219647][ T5154] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 760.222459][ T5152] usb 3-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 760.238484][ T5154] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 760.248884][ T5152] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.248918][ T5152] usb 3-1: Product: syz [ 760.248937][ T5152] usb 3-1: Manufacturer: syz [ 760.248957][ T5152] usb 3-1: SerialNumber: syz [ 760.252486][ T5152] usb 3-1: config 0 descriptor?? [ 760.288211][T14102] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 760.299383][ T5152] gspca_main: conex-2.14.0 probing 0572:0041 [ 760.352445][ T5154] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 760.362618][ T5154] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 760.378759][ T5154] usb 4-1: Product: syz [ 760.386562][ T5154] usb 4-1: Manufacturer: syz [ 760.391217][ T5154] usb 4-1: SerialNumber: syz [ 760.397202][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 760.429519][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 760.434858][T14104] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1557'. [ 760.455980][ T63] bond0 (unregistering): Released all slaves [ 760.578406][T14094] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 760.596957][T14094] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 760.754682][ T5154] cdc_ncm 4-1:1.0: bind() failure [ 760.809459][ T5154] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 760.854479][ T5154] cdc_ncm 4-1:1.1: bind() failure [ 760.916744][ T5154] usb 4-1: USB disconnect, device number 46 [ 761.034680][ T5102] Bluetooth: hci0: command tx timeout [ 761.382837][ T63] hsr_slave_0: left promiscuous mode [ 761.405013][ T63] hsr_slave_1: left promiscuous mode [ 761.432640][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 761.451918][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 761.480099][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 761.495007][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 761.549463][ T63] veth1_macvtap: left promiscuous mode [ 761.562045][ T63] veth0_macvtap: left promiscuous mode [ 761.575586][ T63] veth1_vlan: left promiscuous mode [ 761.581363][ T63] veth0_vlan: left promiscuous mode [ 762.449729][ T5152] usb 3-1: USB disconnect, device number 55 [ 762.857748][ T63] team0 (unregistering): Port device team_slave_1 removed [ 762.933566][ T63] team0 (unregistering): Port device team_slave_0 removed [ 763.044325][ T5152] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 763.114917][ T5102] Bluetooth: hci0: command tx timeout [ 763.248142][ T5152] usb 3-1: not running at top speed; connect to a high speed hub [ 763.281069][ T5152] usb 3-1: config 8 has an invalid interface number: 11 but max is 3 [ 763.292197][ T5152] usb 3-1: config 8 has an invalid interface number: 139 but max is 3 [ 763.317891][ T5152] usb 3-1: config 8 has an invalid interface number: 195 but max is 3 [ 763.326569][ T5152] usb 3-1: config 8 has an invalid interface number: 32 but max is 3 [ 763.336602][ T5152] usb 3-1: config 8 has no interface number 0 [ 763.342730][ T5152] usb 3-1: config 8 has no interface number 1 [ 763.364798][ T5152] usb 3-1: config 8 has no interface number 2 [ 763.370936][ T5152] usb 3-1: config 8 has no interface number 3 [ 763.390014][ T5152] usb 3-1: config 8 interface 11 altsetting 1 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 763.402779][ T5152] usb 3-1: config 8 interface 11 altsetting 1 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 763.433850][ T5152] usb 3-1: config 8 interface 11 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 763.474392][ T5152] usb 3-1: config 8 interface 11 altsetting 1 has a duplicate endpoint with address 0xE, skipping [ 763.502791][ T5152] usb 3-1: config 8 interface 11 altsetting 1 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 763.544137][ T5152] usb 3-1: config 8 interface 11 altsetting 1 has a duplicate endpoint with address 0x8F, skipping [ 763.555296][ T5152] usb 3-1: config 8 interface 11 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 763.581344][ T5152] usb 3-1: config 8 interface 11 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 763.603748][ T5152] usb 3-1: config 8 interface 11 altsetting 1 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 763.640822][ T5152] usb 3-1: config 8 interface 139 altsetting 90 has a duplicate endpoint with address 0x9, skipping [ 763.680719][ T5152] usb 3-1: config 8 interface 139 altsetting 90 has a duplicate endpoint with address 0xE, skipping [ 763.692192][ T5152] usb 3-1: config 8 interface 139 altsetting 90 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 763.730034][ T5152] usb 3-1: config 8 interface 139 altsetting 90 has a duplicate endpoint with address 0xD, skipping [ 763.751476][ T5152] usb 3-1: config 8 interface 139 altsetting 90 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 763.778955][ T5152] usb 3-1: config 8 interface 139 altsetting 90 has a duplicate endpoint with address 0x7, skipping [ 763.798465][ T5152] usb 3-1: config 8 interface 139 altsetting 90 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 763.825875][ T5152] usb 3-1: config 8 interface 139 altsetting 90 has a duplicate endpoint with address 0x3, skipping [ 763.844594][ T5152] usb 3-1: config 8 interface 139 altsetting 90 has an invalid descriptor for endpoint zero, skipping [ 763.866939][ T5152] usb 3-1: config 8 interface 139 altsetting 90 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 763.893401][ T5152] usb 3-1: config 8 interface 195 altsetting 2 has a duplicate endpoint with address 0x8, skipping [ 763.920254][ T5152] usb 3-1: config 8 interface 195 altsetting 2 endpoint 0x5 has invalid maxpacket 991, setting to 64 [ 763.939715][ T5152] usb 3-1: config 8 interface 195 altsetting 2 has a duplicate endpoint with address 0xA, skipping [ 763.958505][ T5152] usb 3-1: config 8 interface 195 altsetting 2 endpoint 0x4 has an invalid bInterval 164, changing to 4 [ 763.990534][ T5152] usb 3-1: config 8 interface 195 altsetting 2 has a duplicate endpoint with address 0x5, skipping [ 764.018703][ T5152] usb 3-1: config 8 interface 195 altsetting 2 has a duplicate endpoint with address 0xC, skipping [ 764.031669][ T5152] usb 3-1: config 8 interface 195 altsetting 2 has a duplicate endpoint with address 0xF, skipping [ 764.062848][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0x2, skipping [ 764.075970][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0x7, skipping [ 764.088818][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0xD, skipping [ 764.100918][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0xB, skipping [ 764.116218][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0xC, skipping [ 764.152143][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0xA, skipping [ 764.171968][ T5152] usb 3-1: config 8 interface 32 altsetting 6 has a duplicate endpoint with address 0x1, skipping [ 764.172769][T13903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 764.183421][ T5152] usb 3-1: config 8 interface 11 has no altsetting 0 [ 764.201518][ T5152] usb 3-1: config 8 interface 139 has no altsetting 0 [ 764.213370][ T5152] usb 3-1: config 8 interface 195 has no altsetting 0 [ 764.263692][ T5152] usb 3-1: config 8 interface 32 has no altsetting 0 [ 764.324949][ T5152] usb 3-1: Dual-Role OTG device on HNP port [ 764.350828][ T5152] usb 3-1: New USB device found, idVendor=1b80, idProduct=e349, bcdDevice=a4.ad [ 764.369247][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 764.369268][ T29] audit: type=1326 audit(1720293696.840:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.381973][T13903] 8021q: adding VLAN 0 to HW filter on device team0 [ 764.402502][ T5152] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 764.413214][ T5152] usb 3-1: Product: ᒣ⪉⪂嶣ᮻ炏኿ꎯ࣎駃쀤빥䐺띢Ꮘ픥辁Ƶӡڭᣛ踜빭쫺될獩⇗閼呢싎Ⅵ쟗뢮೭㷹퉺嶜赵羾앾ā⟵虷뒗꼹㷤烐ꉟⱩꩈ祷氽軼芅䕠ⶖ氙㼲騏ヹꀺ﮾ꦄ㌄䕮ா㞢ﴉ幧錊핑烹뵫╧焺헦蕝䚮Ẍఎ墫횙⥅ [ 764.472154][ T5152] usb 3-1: Manufacturer: ࠔ [ 764.472804][ T29] audit: type=1326 audit(1720293696.840:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.477168][ T5152] usb 3-1: SerialNumber: 慤ꎹ䌱杨鑢毂鞱实զ愢畵⧝亟಩澜꾲캁ೡ‹閫ⱹⴹ⇻䊤枉牳羰戒捘䝙䗼煕〉ḿ蔤獩齛姷䂼潴ພ衠䔰຦ꛦ횵滘ᐸ⯽袅㊏䪶꒾젅袅㌒Ⓖ馦ؾ֏膡䷸䶫沛릈뉵熊㼴ꩇ둁鳱ൂ㡙奷䔝Ꝉ⇛ [ 764.511330][ T29] audit: type=1326 audit(1720293696.880:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.539217][T14086] chnl_net:caif_netlink_parms(): no params data found [ 764.583358][ T5151] bridge0: port 1(bridge_slave_0) entered blocking state [ 764.590660][ T5151] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.602711][ T29] audit: type=1326 audit(1720293696.880:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.651304][T14158] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 764.659512][ T29] audit: type=1326 audit(1720293696.880:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.693704][ T29] audit: type=1326 audit(1720293696.920:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.726756][ T29] audit: type=1326 audit(1720293696.920:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.760973][ T29] audit: type=1326 audit(1720293696.920:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.792422][ T29] audit: type=1326 audit(1720293696.920:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.825754][ T29] audit: type=1326 audit(1720293696.920:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14189 comm="syz.3.1564" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x7ffc0000 [ 764.918490][ T5154] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.925761][ T5154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.935027][T14158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 764.969496][T14158] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 765.011228][T14158] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 765.039941][T14158] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 765.194469][ T5102] Bluetooth: hci0: command tx timeout [ 765.201166][T14086] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.231958][T14086] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.260733][T14086] bridge_slave_0: entered allmulticast mode [ 765.287830][T14086] bridge_slave_0: entered promiscuous mode [ 765.311356][ T5152] usb 3-1: USB disconnect, device number 56 [ 765.330613][T14086] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.369641][T14086] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.390123][T14086] bridge_slave_1: entered allmulticast mode [ 765.417219][T14086] bridge_slave_1: entered promiscuous mode [ 765.545454][T14086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 765.585117][T14086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 765.727861][T14086] team0: Port device team_slave_0 added [ 765.737976][T14086] team0: Port device team_slave_1 added [ 765.927496][T14086] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 765.961664][T14086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.021949][T14086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 766.210912][ T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.315024][T14086] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 766.322052][T14086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 766.406241][T14086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 766.530661][ T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.623293][T13903] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 766.795453][ T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 766.911105][T14086] hsr_slave_0: entered promiscuous mode [ 766.944721][T14086] hsr_slave_1: entered promiscuous mode [ 766.984459][T14086] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 767.003869][T14086] Cannot create hsr debugfs directory [ 767.020927][ T5092] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 767.060455][ T5092] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 767.074720][ T5092] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 767.083032][ T5092] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 767.094451][ T5092] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 767.112165][ T5092] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 767.126050][ T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 767.293414][ T5092] Bluetooth: hci0: command tx timeout [ 767.473634][T14244] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1572'. [ 767.546641][T14249] input: syz0 as /devices/virtual/input/input55 [ 767.812186][T13903] veth0_vlan: entered promiscuous mode [ 768.040866][ T51] bridge_slave_1: left allmulticast mode [ 768.052987][ T51] bridge_slave_1: left promiscuous mode [ 768.058917][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 768.086485][ T51] bridge_slave_0: left allmulticast mode [ 768.092203][ T51] bridge_slave_0: left promiscuous mode [ 768.101286][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 768.718922][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 768.747343][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 768.770125][ T51] bond0 (unregistering): Released all slaves [ 769.075966][T14265] FAULT_INJECTION: forcing a failure. [ 769.075966][T14265] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 769.092746][T13903] veth1_vlan: entered promiscuous mode [ 769.144200][T14265] CPU: 0 PID: 14265 Comm: syz.0.1578 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 769.154440][T14265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 769.164515][T14265] Call Trace: [ 769.167809][T14265] [ 769.170748][T14265] dump_stack_lvl+0x241/0x360 [ 769.175481][T14265] ? __pfx_dump_stack_lvl+0x10/0x10 [ 769.180871][T14265] ? __pfx__printk+0x10/0x10 [ 769.185491][T14265] ? __pfx_lock_release+0x10/0x10 [ 769.190534][T14265] should_fail_ex+0x3b0/0x4e0 [ 769.195242][T14265] _copy_from_user+0x2f/0xe0 [ 769.200007][T14265] get_compat_msghdr+0xae/0x730 [ 769.204881][T14265] ? __fget_files+0x29/0x470 [ 769.209494][T14265] ? __pfx_get_compat_msghdr+0x10/0x10 [ 769.214986][T14265] ? __fget_files+0x3f6/0x470 [ 769.219691][T14265] __sys_sendmsg+0x273/0x3a0 [ 769.224299][T14265] ? __pfx___sys_sendmsg+0x10/0x10 [ 769.229446][T14265] ? vfs_write+0x7c4/0xc90 [ 769.233913][T14265] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 769.240519][T14265] ? lockdep_hardirqs_on+0x99/0x150 [ 769.245739][T14265] __do_fast_syscall_32+0xb4/0x120 [ 769.250876][T14265] ? exc_page_fault+0x590/0x8c0 [ 769.255782][T14265] do_fast_syscall_32+0x34/0x80 [ 769.260831][T14265] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 769.267170][T14265] RIP: 0023:0xf73d0579 [ 769.271247][T14265] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 769.290861][T14265] RSP: 002b:00000000f5ce957c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 769.299290][T14265] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000000 [ 769.307272][T14265] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 769.315278][T14265] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 769.323340][T14265] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 769.331316][T14265] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 769.339313][T14265] [ 769.343768][ T5092] Bluetooth: hci2: command tx timeout [ 769.427455][T14267] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1579'. [ 769.453128][T14267] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1579'. [ 769.738843][T13903] veth0_macvtap: entered promiscuous mode [ 769.782179][T13903] veth1_macvtap: entered promiscuous mode [ 769.864550][ T5162] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 770.053140][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 770.075621][ T5162] usb 1-1: Using ep0 maxpacket: 32 [ 770.084222][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.092611][ T5162] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 770.104795][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 770.122717][ T5162] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 770.124415][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.143326][ T5162] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 770.153871][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 770.165316][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.174504][ T5162] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 770.186484][ T5162] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 770.194206][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 770.199976][ T5162] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 770.214794][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.224055][ T5162] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 770.237137][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 770.244070][ T5162] usb 1-1: Product: syz [ 770.251983][ T5162] usb 1-1: Manufacturer: syz [ 770.262153][ T5162] usb 1-1: SerialNumber: syz [ 770.262635][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.300943][T13903] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 770.316271][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.326986][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.339139][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.350123][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.361780][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.375451][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.386944][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.399453][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.409914][T13903] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 770.429898][T13903] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 770.443701][T13903] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 770.523656][T13903] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.533509][T13903] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.545861][T13903] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.555187][T13903] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.568033][T14239] chnl_net:caif_netlink_parms(): no params data found [ 770.588919][ T5162] cdc_ncm 1-1:1.0: bind() failure [ 770.632965][ T5162] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 770.666334][ T5162] cdc_ncm 1-1:1.1: bind() failure [ 770.704840][ T5162] usb 1-1: USB disconnect, device number 41 [ 770.956935][T14239] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.972532][T14239] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.980721][T14239] bridge_slave_0: entered allmulticast mode [ 770.988988][T14239] bridge_slave_0: entered promiscuous mode [ 770.993506][T14296] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1582'. [ 771.004630][T14086] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 771.017558][T14086] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 771.031324][T14086] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 771.043076][T14239] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.055981][T14239] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.063525][T14239] bridge_slave_1: entered allmulticast mode [ 771.072044][T14239] bridge_slave_1: entered promiscuous mode [ 771.095995][T14086] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 771.115025][ T5092] Bluetooth: hci4: command 0x0c1a tx timeout [ 771.121440][ T5146] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 771.134748][ T5146] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 771.162817][T14239] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.184830][T14239] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.370795][T14239] team0: Port device team_slave_0 added [ 771.397607][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 771.397626][ T29] audit: type=1326 audit(1720293703.870:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14301 comm="syz.0.1584" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x0 [ 771.441299][ T5092] Bluetooth: hci2: command tx timeout [ 771.491070][T14239] team0: Port device team_slave_1 added [ 771.666594][T14239] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 771.673874][T14239] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.710627][T14239] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 771.735744][T14239] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 771.742765][T14239] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 771.772596][T14239] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 771.885998][T14239] hsr_slave_0: entered promiscuous mode [ 771.895111][T14239] hsr_slave_1: entered promiscuous mode [ 771.914054][T14239] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 771.921695][T14239] Cannot create hsr debugfs directory [ 772.149140][T14086] 8021q: adding VLAN 0 to HW filter on device bond0 [ 772.244153][T14086] 8021q: adding VLAN 0 to HW filter on device team0 [ 772.279216][ T5173] bridge0: port 1(bridge_slave_0) entered blocking state [ 772.286687][ T5173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 772.343590][ T5173] bridge0: port 2(bridge_slave_1) entered blocking state [ 772.350824][ T5173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 772.495808][T14086] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 772.798234][T14086] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 772.962971][T14239] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 772.994824][T14239] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 773.011709][T14239] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 773.027809][T14086] veth0_vlan: entered promiscuous mode [ 773.038613][T14239] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 773.099234][T14086] veth1_vlan: entered promiscuous mode [ 773.223744][T14086] veth0_macvtap: entered promiscuous mode [ 773.244402][T14086] veth1_macvtap: entered promiscuous mode [ 773.306878][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.329295][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.342180][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.353096][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.363507][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.376853][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.386944][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.397507][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.407494][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.419299][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.429304][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 773.441071][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.453274][T14086] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 773.487018][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.502042][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.513106][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.525441][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.531353][ T5092] Bluetooth: hci2: command tx timeout [ 773.535481][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.556566][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.566676][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.577291][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.588401][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.600106][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.621756][T14086] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 773.643836][T14086] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 773.656755][T14086] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 773.676477][ T5092] Bluetooth: hci3: command 0x0c1a tx timeout [ 773.687081][ T5146] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 773.693222][ T5146] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 773.713632][T14086] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.736581][T14086] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.753614][T14086] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.765846][T14086] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 773.786610][T14239] 8021q: adding VLAN 0 to HW filter on device bond0 [ 773.870546][T14239] 8021q: adding VLAN 0 to HW filter on device team0 [ 773.901467][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.908723][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 773.927845][T14292] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.935105][T14292] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.095266][T14239] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 774.188211][T14239] veth0_vlan: entered promiscuous mode [ 774.220757][T14239] veth1_vlan: entered promiscuous mode [ 774.324057][T14239] veth0_macvtap: entered promiscuous mode [ 774.351844][T14239] veth1_macvtap: entered promiscuous mode [ 774.393915][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.416857][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.429030][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.449683][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.463877][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.484335][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.504806][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.527703][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.544239][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.575716][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.586870][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.597967][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.609423][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 774.620999][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.635679][T14239] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 774.659447][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.671565][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.683465][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.696145][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.706681][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.718258][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.728731][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.741322][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.751724][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.762985][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.773543][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.785126][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.797141][T14239] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 774.808154][T14239] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 774.830681][T14239] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 774.872894][T14239] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.892976][T14239] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.912765][T14239] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 774.921863][T14239] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 775.594383][ T5092] Bluetooth: hci2: command tx timeout [ 775.754368][ T5092] Bluetooth: hci0: command 0x0c1a tx timeout [ 775.761928][ T5146] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 775.768936][ T5146] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 777.844563][ T5092] Bluetooth: hci2: command 0x0c1a tx timeout [ 777.854066][ T5146] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 777.860251][ T5146] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 778.157474][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 778.186122][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 778.245709][ T51] hsr_slave_0: left promiscuous mode [ 778.252105][ T51] hsr_slave_1: left promiscuous mode [ 778.269280][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 778.277507][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 778.286600][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 778.295588][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 778.325866][ T51] veth1_macvtap: left promiscuous mode [ 778.331475][ T51] veth0_macvtap: left promiscuous mode [ 778.337432][ T51] veth1_vlan: left promiscuous mode [ 778.342805][ T51] veth0_vlan: left promiscuous mode [ 779.086033][ T51] team0 (unregistering): Port device team_slave_1 removed [ 779.141379][ T51] team0 (unregistering): Port device team_slave_0 removed [ 779.340501][T14492] FAULT_INJECTION: forcing a failure. [ 779.340501][T14492] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 779.353967][T14492] CPU: 1 PID: 14492 Comm: syz.0.1589 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 779.364174][T14492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 779.374344][T14492] Call Trace: [ 779.377631][T14492] [ 779.380569][T14492] dump_stack_lvl+0x241/0x360 [ 779.385360][T14492] ? __pfx_dump_stack_lvl+0x10/0x10 [ 779.390576][T14492] ? __pfx__printk+0x10/0x10 [ 779.395185][T14492] ? __pfx_lock_release+0x10/0x10 [ 779.400225][T14492] should_fail_ex+0x3b0/0x4e0 [ 779.404954][T14492] _copy_from_user+0x2f/0xe0 [ 779.409557][T14492] get_compat_msghdr+0xae/0x730 [ 779.414431][T14492] ? __fget_files+0x29/0x470 [ 779.419039][T14492] ? __pfx_get_compat_msghdr+0x10/0x10 [ 779.424511][T14492] ? __fget_files+0x3f6/0x470 [ 779.429210][T14492] __sys_sendmsg+0x273/0x3a0 [ 779.433898][T14492] ? __pfx___sys_sendmsg+0x10/0x10 [ 779.439058][T14492] ? vfs_write+0x7c4/0xc90 [ 779.443530][T14492] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 779.450143][T14492] ? lockdep_hardirqs_on+0x99/0x150 [ 779.455361][T14492] __do_fast_syscall_32+0xb4/0x120 [ 779.460490][T14492] ? exc_page_fault+0x590/0x8c0 [ 779.465373][T14492] do_fast_syscall_32+0x34/0x80 [ 779.470253][T14492] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 779.476687][T14492] RIP: 0023:0xf73d0579 [ 779.480941][T14492] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 779.500571][T14492] RSP: 002b:00000000f5ce957c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 779.508997][T14492] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000140 [ 779.516992][T14492] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 779.524974][T14492] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 779.533044][T14492] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 779.541029][T14492] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 779.549021][T14492] [ 779.646955][ T29] audit: type=1326 audit(1720293712.110:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.679153][ T29] audit: type=1326 audit(1720293712.110:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.708617][ T29] audit: type=1326 audit(1720293712.110:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=39 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.731107][ T29] audit: type=1326 audit(1720293712.110:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.732468][T14496] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1590'. [ 779.765837][ T29] audit: type=1326 audit(1720293712.110:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=299 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.803391][ T29] audit: type=1326 audit(1720293712.110:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.807173][T14496] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1590'. [ 779.834603][ T29] audit: type=1326 audit(1720293712.110:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.858773][ T29] audit: type=1326 audit(1720293712.110:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.883293][ T29] audit: type=1326 audit(1720293712.270:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 779.913584][ T29] audit: type=1326 audit(1720293712.270:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14493 comm="syz.0.1590" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x7ffc0000 [ 780.210277][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.224730][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.253660][T14500] bridge0: entered allmulticast mode [ 780.306666][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.359705][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.390313][ T1061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.403063][ T1061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.483248][ T1061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.507626][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 780.521221][ T1061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.534277][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 780.674620][T14508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1546'. [ 780.704144][ T5162] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 780.832584][ T51] IPVS: stop unused estimator thread 0... [ 780.841384][T14513] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1510'. [ 780.871026][T14510] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1570'. [ 780.914256][T14508] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1546'. [ 780.914269][ T5162] usb 4-1: Using ep0 maxpacket: 32 [ 780.918725][ T5162] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 780.969737][T14513] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1510'. [ 781.001641][ T51] bridge_slave_1: left allmulticast mode [ 781.013558][T14513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1510'. [ 781.028848][ T5162] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 781.039644][ T51] bridge_slave_1: left promiscuous mode [ 781.054340][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 781.073385][ T5162] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 781.092304][ T5162] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 781.104589][ T5162] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 781.122389][ T51] bridge_slave_0: left allmulticast mode [ 781.130240][ T51] bridge_slave_0: left promiscuous mode [ 781.137305][ T5162] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 781.147170][ T5162] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 781.156172][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 781.167264][ T5162] usb 4-1: Product: syz [ 781.177639][ T5162] usb 4-1: Manufacturer: syz [ 781.188392][ T5162] usb 4-1: SerialNumber: syz [ 781.776205][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 781.789574][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 781.802597][ T51] bond0 (unregistering): Released all slaves [ 781.821796][ T51] bond1 (unregistering): Released all slaves [ 781.888957][ T5162] cdc_ncm 4-1:1.0: bind() failure [ 781.938049][ T5162] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 781.952338][ T5162] cdc_ncm 4-1:1.1: bind() failure [ 782.014639][ T5162] usb 4-1: USB disconnect, device number 47 [ 782.463094][T14541] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1602'. [ 782.574891][T14545] FAULT_INJECTION: forcing a failure. [ 782.574891][T14545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 782.623289][T14545] CPU: 0 PID: 14545 Comm: syz.0.1602 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 782.633523][T14545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 782.643708][T14545] Call Trace: [ 782.647023][T14545] [ 782.649985][T14545] dump_stack_lvl+0x241/0x360 [ 782.654728][T14545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 782.659988][T14545] ? __pfx__printk+0x10/0x10 [ 782.664647][T14545] ? __pfx_lock_release+0x10/0x10 [ 782.669725][T14545] should_fail_ex+0x3b0/0x4e0 [ 782.674464][T14545] _copy_from_user+0x2f/0xe0 [ 782.679203][T14545] get_compat_msghdr+0xae/0x730 [ 782.684106][T14545] ? __fget_files+0x29/0x470 [ 782.688737][T14545] ? __pfx_get_compat_msghdr+0x10/0x10 [ 782.694219][T14545] ? __fget_files+0x3f6/0x470 [ 782.698931][T14545] __sys_sendmsg+0x273/0x3a0 [ 782.703555][T14545] ? __pfx___sys_sendmsg+0x10/0x10 [ 782.708679][T14545] ? vfs_write+0x7c4/0xc90 [ 782.713234][T14545] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 782.719848][T14545] ? lockdep_hardirqs_on+0x99/0x150 [ 782.725177][T14545] __do_fast_syscall_32+0xb4/0x120 [ 782.730403][T14545] ? exc_page_fault+0x590/0x8c0 [ 782.735275][T14545] do_fast_syscall_32+0x34/0x80 [ 782.740151][T14545] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 782.746582][T14545] RIP: 0023:0xf73d0579 [ 782.750660][T14545] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 782.770275][T14545] RSP: 002b:00000000f5ca757c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 782.778788][T14545] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000100 [ 782.786785][T14545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 782.794875][T14545] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 782.802861][T14545] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 782.810859][T14545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 782.818951][T14545] [ 782.822095][ C0] vkms_vblank_simulate: vblank timer overrun [ 783.047026][ T51] hsr_slave_0: left promiscuous mode [ 783.053464][ T51] hsr_slave_1: left promiscuous mode [ 783.070811][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 783.095623][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 783.149860][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 783.165237][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 783.253522][ T51] veth1_macvtap: left promiscuous mode [ 783.282443][ T51] veth0_macvtap: left promiscuous mode [ 783.302271][ T51] veth1_vlan: left promiscuous mode [ 783.317928][ T51] veth0_vlan: left promiscuous mode [ 783.440171][T14568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1607'. [ 784.041494][ T51] team0 (unregistering): Port device team_slave_1 removed [ 784.103185][ T51] team0 (unregistering): Port device team_slave_0 removed [ 784.828886][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 784.828907][ T29] audit: type=1326 audit(1720293717.300:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14575 comm="syz.0.1610" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73d0579 code=0x0 [ 784.955006][T14292] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 785.104166][ T58] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 785.168702][T14292] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 785.193570][T14292] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.215363][T14292] usb 5-1: Product: syz [ 785.223590][T14292] usb 5-1: Manufacturer: syz [ 785.230018][T14292] usb 5-1: SerialNumber: syz [ 785.238850][T14292] usb 5-1: config 0 descriptor?? [ 785.279328][ T51] bridge_slave_1: left allmulticast mode [ 785.293218][ T51] bridge_slave_1: left promiscuous mode [ 785.301261][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 785.325068][ T58] usb 4-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 785.341241][ T51] bridge_slave_0: left allmulticast mode [ 785.356401][ T58] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 785.367354][ T51] bridge_slave_0: left promiscuous mode [ 785.380419][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 785.400657][ T58] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 785.443708][ T58] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 785.485110][ T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 785.494224][ T5162] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 785.532651][ T58] usb 4-1: Product: syz [ 785.537815][ T58] usb 4-1: Manufacturer: syz [ 785.547066][ T58] usb 4-1: SerialNumber: syz [ 785.567315][ T58] usb 4-1: config 0 descriptor?? [ 785.590544][ T58] usb-storage 4-1:0.0: USB Mass Storage device detected [ 785.667914][ T58] usb-storage 4-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 785.707239][ T5162] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 785.719543][ T5173] usb 5-1: USB disconnect, device number 68 [ 785.801625][ T5162] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 785.866196][ T58] usb 4-1: USB disconnect, device number 48 [ 785.915815][ T5162] usb 3-1: config 0 descriptor?? [ 785.986359][ T5162] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 786.325488][T14609] __nla_validate_parse: 5 callbacks suppressed [ 786.325509][T14609] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1619'. [ 786.406353][T14612] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1619'. [ 786.791279][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 786.815830][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 786.865211][ T51] bond0 (unregistering): Released all slaves [ 786.906458][T14603] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1619'. [ 786.946011][ T5162] usb 3-1: USB disconnect, device number 57 [ 787.201794][T14622] FAULT_INJECTION: forcing a failure. [ 787.201794][T14622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 787.225489][T14622] CPU: 1 PID: 14622 Comm: syz.4.1623 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 787.235834][T14622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 787.245954][T14622] Call Trace: [ 787.249246][T14622] [ 787.252192][T14622] dump_stack_lvl+0x241/0x360 [ 787.256903][T14622] ? __pfx_dump_stack_lvl+0x10/0x10 [ 787.262487][T14622] ? __pfx__printk+0x10/0x10 [ 787.267100][T14622] ? vfs_write+0x7c4/0xc90 [ 787.271545][T14622] should_fail_ex+0x3b0/0x4e0 [ 787.276268][T14622] _copy_from_user+0x2f/0xe0 [ 787.280884][T14622] move_addr_to_kernel+0x82/0x150 [ 787.285943][T14622] __sys_connect+0xc1/0x310 [ 787.290496][T14622] ? __pfx___sys_connect+0x10/0x10 [ 787.295662][T14622] __ia32_sys_connect+0x7a/0x90 [ 787.300530][T14622] __do_fast_syscall_32+0xb4/0x120 [ 787.305672][T14622] ? exc_page_fault+0x590/0x8c0 [ 787.310545][T14622] do_fast_syscall_32+0x34/0x80 [ 787.315428][T14622] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 787.321766][T14622] RIP: 0023:0xf73c7579 [ 787.325933][T14622] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 787.345649][T14622] RSP: 002b:00000000f5ce057c EFLAGS: 00000206 ORIG_RAX: 000000000000016a [ 787.354172][T14622] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020000040 [ 787.362256][T14622] RDX: 000000000000001e RSI: 0000000000000000 RDI: 0000000000000000 [ 787.370245][T14622] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 787.378241][T14622] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 787.386266][T14622] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 787.394283][T14622] [ 787.593235][ T29] audit: type=1326 audit(1720293720.050:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14626 comm="syz.4.1626" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73c7579 code=0x0 [ 787.697981][ T51] hsr_slave_0: left promiscuous mode [ 787.732144][ T51] hsr_slave_1: left promiscuous mode [ 787.753806][T14630] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1627'. [ 787.781830][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 787.801977][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 787.826321][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 787.833814][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 787.987015][ T51] veth1_macvtap: left promiscuous mode [ 787.992885][ T51] veth0_macvtap: left promiscuous mode [ 788.002568][ T51] veth1_vlan: left promiscuous mode [ 788.008609][ T51] veth0_vlan: left promiscuous mode [ 788.219377][ T29] audit: type=1326 audit(1720293720.690:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14637 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7417579 code=0x0 [ 789.814749][T14654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1634'. [ 789.881348][ T51] team0 (unregistering): Port device team_slave_1 removed [ 789.901490][T14657] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1634'. [ 790.038704][ T51] team0 (unregistering): Port device team_slave_0 removed [ 790.611127][T14652] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1634'. [ 791.014353][ T29] audit: type=1326 audit(1720293723.480:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14676 comm="syz.2.1641" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0 [ 791.059929][T14668] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 791.152304][T14668] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 791.491161][ T29] audit: type=1326 audit(1720293723.960:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14685 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf73eb579 code=0x0 [ 791.520622][ C1] vkms_vblank_simulate: vblank timer overrun [ 792.210045][T14698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1647'. [ 792.305932][T14704] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1649'. [ 792.561558][T14706] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1650'. [ 792.747328][T14712] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1652'. [ 792.989584][ T29] audit: type=1326 audit(1720293725.460:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14720 comm="syz.4.1656" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73c7579 code=0x0 [ 793.221027][T14718] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 793.309100][T14718] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 793.816974][T14740] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1660'. [ 794.207897][T14752] program syz.4.1664 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 794.623311][T14759] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1665'. [ 794.678561][T14764] xt_TCPMSS: Only works on TCP SYN packets [ 794.981191][T14292] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 795.105318][ T5162] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 795.145291][ T29] audit: type=1326 audit(1720293727.620:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14773 comm="syz.1.1672" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 795.166863][ C1] vkms_vblank_simulate: vblank timer overrun [ 795.174088][ T5150] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 795.204167][T14292] usb 4-1: Using ep0 maxpacket: 32 [ 795.215865][T14292] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 795.232711][T14292] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 795.253660][T14292] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 795.271636][T14292] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 795.282452][ T5162] usb 5-1: device descriptor read/64, error -71 [ 795.289147][T14292] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 795.308709][T14292] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 795.308747][T14292] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.308770][T14292] usb 4-1: Product: syz [ 795.308789][T14292] usb 4-1: Manufacturer: syz [ 795.308806][T14292] usb 4-1: SerialNumber: syz [ 795.384688][ T5150] usb 1-1: Using ep0 maxpacket: 32 [ 795.389750][ T5150] usb 1-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=cb.c8 [ 795.389777][ T5150] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 795.389794][ T5150] usb 1-1: Product: syz [ 795.389825][ T5150] usb 1-1: Manufacturer: syz [ 795.389838][ T5150] usb 1-1: SerialNumber: syz [ 795.392626][ T5150] usb 1-1: config 0 descriptor?? [ 795.548676][T14292] cdc_ncm 4-1:1.0: bind() failure [ 795.552070][T14292] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 795.552122][T14292] cdc_ncm 4-1:1.1: bind() failure [ 795.556587][T14292] usb 4-1: USB disconnect, device number 49 [ 795.565946][ T5162] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 795.692546][ T5146] usb 1-1: USB disconnect, device number 42 [ 795.714768][ T5162] usb 5-1: device descriptor read/64, error -71 [ 795.841666][T14780] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1673'. [ 795.865099][ T5162] usb usb5-port1: attempt power cycle [ 796.115520][T14786] program syz.1.1676 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 796.304204][ T5162] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 796.375403][ T5162] usb 5-1: device descriptor read/8, error -71 [ 796.404931][T14793] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1679'. [ 796.524244][ T5173] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 796.664412][ T5162] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 796.705165][ T5173] usb 2-1: device descriptor read/64, error -71 [ 796.720819][ T5162] usb 5-1: device descriptor read/8, error -71 [ 796.849882][T14801] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1681'. [ 796.874797][ T5162] usb usb5-port1: unable to enumerate USB device [ 796.993232][ T5173] usb 2-1: new full-speed USB device number 44 using dummy_hcd [ 797.164313][ T5173] usb 2-1: device descriptor read/64, error -71 [ 797.284777][ T5173] usb usb2-port1: attempt power cycle [ 797.307701][T14810] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1684'. [ 797.483201][ T29] audit: type=1326 audit(1720293729.950:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14815 comm="syz.2.1686" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0 [ 797.511415][ T5146] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 797.704944][ T5146] usb 1-1: Using ep0 maxpacket: 32 [ 797.706196][ T5173] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 797.725688][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 797.740783][ T5146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 797.751674][ T5146] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 797.758647][ T5173] usb 2-1: device descriptor read/8, error -71 [ 797.761987][ T5146] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 797.778596][ T5146] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 797.792199][ T5146] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 797.807344][ T5146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 797.824696][ T5146] usb 1-1: Product: syz [ 797.838696][T14820] program syz.4.1687 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 797.854056][ T5146] usb 1-1: Manufacturer: syz [ 797.858837][ T5146] usb 1-1: SerialNumber: syz [ 798.044317][ T5173] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 798.084933][ T5173] usb 2-1: device descriptor read/8, error -71 [ 798.106386][ T5146] cdc_ncm 1-1:1.0: bind() failure [ 798.119215][ T5146] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 798.126369][ T5146] cdc_ncm 1-1:1.1: bind() failure [ 798.141680][ T5146] usb 1-1: USB disconnect, device number 43 [ 798.213610][ T5173] usb usb2-port1: unable to enumerate USB device [ 798.241590][ T29] audit: type=1326 audit(1720293730.710:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14823 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf73b4579 code=0x0 [ 798.334184][ T5162] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 798.509938][T14829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1691'. [ 798.519918][ T5162] usb 5-1: Using ep0 maxpacket: 32 [ 798.531866][ T5162] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 798.542984][ T5162] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 798.552326][ T5162] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 798.564677][ T5162] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 798.580883][ T5162] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 798.591222][ T5162] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 798.610401][ T5162] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 798.623001][ T5162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 798.653494][ T5162] usb 5-1: config 0 descriptor?? [ 798.881313][ T5162] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 73 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 798.953464][ T5162] usb 5-1: USB disconnect, device number 73 [ 798.999817][ T5162] usblp0: removed [ 799.114991][T14836] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1693'. [ 799.162249][T14838] xt_connbytes: Forcing CT accounting to be enabled [ 799.447230][ T5162] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 799.572689][T14843] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1695'. [ 799.662994][ T5162] usb 5-1: Using ep0 maxpacket: 32 [ 799.699273][ T5162] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 799.717040][ T5162] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 799.749750][ T5162] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 799.810441][ T5162] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 799.847571][ T5162] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 799.892450][ T5162] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 799.893871][T14852] program syz.2.1698 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 799.973035][ T5162] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 799.991806][ T5162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 800.031637][ T5162] usb 5-1: config 0 descriptor?? [ 800.264595][ T5162] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 74 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 800.445341][ C1] usblp0: nonzero read bulk status received: -71 [ 800.455357][ T5162] usb 5-1: USB disconnect, device number 74 [ 800.490479][ T1061] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 800.548560][T14822] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 800.567727][T14822] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 800.618317][T14822] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 800.779939][T14822] usblp0: removed [ 800.876885][ T1061] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.031329][ T1061] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.100276][T14864] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 801.229938][ T1061] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.375717][T14871] tipc: Started in network mode [ 801.396710][T14871] tipc: Node identity , cluster identity 4711 [ 801.437667][T14871] tipc: Failed to set node id, please configure manually [ 801.474607][T14871] tipc: Enabling of bearer rejected, failed to enable media [ 801.577411][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 801.588570][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 801.598609][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 801.608293][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 801.635869][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 801.656511][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 801.686309][T14879] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1706'. [ 801.835156][T14878] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1707'. [ 801.869631][ T1061] bridge_slave_1: left allmulticast mode [ 801.877506][ T1061] bridge_slave_1: left promiscuous mode [ 801.909803][ T1061] bridge0: port 2(bridge_slave_1) entered disabled state [ 801.923820][T14878] netlink: 'syz.3.1707': attribute type 1 has an invalid length. [ 801.953845][T14878] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.1707'. [ 801.968634][ T1061] bridge_slave_0: left allmulticast mode [ 801.977946][ T1061] bridge_slave_0: left promiscuous mode [ 801.983709][ T1061] bridge0: port 1(bridge_slave_0) entered disabled state [ 802.325368][T14888] input: syz0 as /devices/virtual/input/input63 [ 802.442973][ T29] audit: type=1326 audit(1720293734.910:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14889 comm="syz.2.1710" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0 [ 802.515106][ T1061] bridge0 (unregistering): left allmulticast mode [ 802.670925][ T1061] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 802.682840][ T1061] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 802.695974][ T1061] bond0 (unregistering): Released all slaves [ 802.726902][T14884] tipc: Enabling of bearer rejected, failed to enable media [ 802.908635][ T29] audit: type=1326 audit(1720293735.370:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14894 comm="syz.1.1711" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 803.031101][T14897] program syz.4.1712 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 803.755086][ T5092] Bluetooth: hci1: command tx timeout [ 803.790025][T14880] chnl_net:caif_netlink_parms(): no params data found [ 803.884315][ T5104] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 804.006110][T14931] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 804.114238][ T5104] usb 3-1: Using ep0 maxpacket: 32 [ 804.137127][ T5104] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 804.190843][ T5104] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 804.214872][ T29] audit: type=1326 audit(1720293736.690:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14924 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x0 [ 804.238213][ T5104] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 804.238292][ T5104] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 804.238337][ T5104] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 804.238379][ T5104] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 804.238427][ T5104] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 804.238460][ T5104] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.255279][ T5104] usb 3-1: config 0 descriptor?? [ 804.336345][T14880] bridge0: port 1(bridge_slave_0) entered blocking state [ 804.343568][T14880] bridge0: port 1(bridge_slave_0) entered disabled state [ 804.373883][T14880] bridge_slave_0: entered allmulticast mode [ 804.404584][T14880] bridge_slave_0: entered promiscuous mode [ 804.424308][T14880] bridge0: port 2(bridge_slave_1) entered blocking state [ 804.451793][T14880] bridge0: port 2(bridge_slave_1) entered disabled state [ 804.503892][T14880] bridge_slave_1: entered allmulticast mode [ 804.537186][T14880] bridge_slave_1: entered promiscuous mode [ 804.711535][ T5104] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 58 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 804.787570][ T5104] usb 3-1: USB disconnect, device number 58 [ 804.792611][T14880] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 804.825928][ T5104] usblp0: removed [ 804.843589][T14880] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 805.043108][T14880] team0: Port device team_slave_0 added [ 805.068185][T14880] team0: Port device team_slave_1 added [ 805.196415][T14947] tipc: Enabling of bearer rejected, failed to enable media [ 805.240606][T14880] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 805.255253][T14880] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 805.312858][T14880] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 805.339011][T14880] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 805.347784][ T5104] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 805.356377][T14880] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 805.399958][T14880] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 805.418276][T14952] program syz.3.1723 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 805.431951][T14950] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1722'. [ 805.492739][T14953] input: syz0 as /devices/virtual/input/input64 [ 805.530234][ T5155] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 805.556737][ T5155] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 805.564917][ T5104] usb 3-1: Using ep0 maxpacket: 32 [ 805.575839][ T5104] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 805.604256][ T5104] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 805.615210][ T5104] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 805.631508][T14880] hsr_slave_0: entered promiscuous mode [ 805.659938][ T5104] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 805.676068][ T5104] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 805.696504][T14880] hsr_slave_1: entered promiscuous mode [ 805.721394][ T5104] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 805.761011][ T5104] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 805.776440][ T5104] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 805.830128][ T5104] usb 3-1: config 0 descriptor?? [ 806.115089][ T29] audit: type=1326 audit(1720293738.590:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14962 comm="syz.1.1725" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 806.289351][ T5104] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 59 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 806.304110][ T5146] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 806.425287][ T1061] hsr_slave_0: left promiscuous mode [ 806.435761][ T1061] hsr_slave_1: left promiscuous mode [ 806.458814][ T1061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 806.475708][ T1061] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 806.504717][ T1061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 806.523910][ T1061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 806.549027][ T5146] usb 4-1: Using ep0 maxpacket: 32 [ 806.568328][ T5146] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=cb.c8 [ 806.588306][ T5146] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 806.611061][ T1061] veth1_macvtap: left promiscuous mode [ 806.618218][ T5146] usb 4-1: Product: syz [ 806.622528][ T5146] usb 4-1: Manufacturer: syz [ 806.628583][ T1061] veth0_macvtap: left promiscuous mode [ 806.648650][ T5146] usb 4-1: SerialNumber: syz [ 806.662029][ T1061] veth1_vlan: left promiscuous mode [ 806.674330][ T1061] veth0_vlan: left promiscuous mode [ 806.686269][ T5146] usb 4-1: config 0 descriptor?? [ 806.843883][ C0] usblp0: nonzero read bulk status received: -71 [ 806.895057][ T5173] usb 3-1: USB disconnect, device number 59 [ 806.996751][ T29] audit: type=1326 audit(1720293739.470:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14978 comm="syz.4.1727" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73c7579 code=0x0 [ 807.078149][ T29] audit: type=1326 audit(1720293739.550:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14980 comm="syz.1.1728" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 807.116990][T14982] FAULT_INJECTION: forcing a failure. [ 807.116990][T14982] name failslab, interval 1, probability 0, space 0, times 0 [ 807.133704][T14982] CPU: 0 PID: 14982 Comm: syz.4.1727 Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 807.143919][T14982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 807.154012][T14982] Call Trace: [ 807.157329][T14982] [ 807.160287][T14982] dump_stack_lvl+0x241/0x360 [ 807.165002][T14982] ? __pfx_dump_stack_lvl+0x10/0x10 [ 807.170211][T14982] ? __pfx__printk+0x10/0x10 [ 807.174897][T14982] ? _copy_from_iter+0x26b/0x1960 [ 807.179943][T14982] should_fail_ex+0x3b0/0x4e0 [ 807.184635][T14982] ? build_skb+0x52/0x2a0 [ 807.188990][T14982] should_failslab+0x9/0x20 [ 807.193506][T14982] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 807.198910][T14982] ? __pfx_lock_release+0x10/0x10 [ 807.204044][T14982] build_skb+0x52/0x2a0 [ 807.208242][T14982] ? __tun_build_skb+0x25/0x2f0 [ 807.213111][T14982] __tun_build_skb+0x33/0x2f0 [ 807.217812][T14982] tun_get_user+0x2084/0x4560 [ 807.222587][T14982] ? tun_get_user+0x84c/0x4560 [ 807.227392][T14982] ? __pfx_tun_get_user+0x10/0x10 [ 807.232431][T14982] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 807.237998][T14982] ? tun_get+0x1e/0x2f0 [ 807.242186][T14982] ? tun_get+0x1e/0x2f0 [ 807.246376][T14982] ? tun_get+0x27d/0x2f0 [ 807.250629][T14982] tun_chr_write_iter+0x113/0x1f0 [ 807.255664][T14982] vfs_write+0xa72/0xc90 [ 807.259933][T14982] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 807.265509][T14982] ? __pfx_vfs_write+0x10/0x10 [ 807.270292][T14982] ksys_write+0x1a0/0x2c0 [ 807.274651][T14982] ? __pfx_ksys_write+0x10/0x10 [ 807.279507][T14982] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 807.286115][T14982] ? lockdep_hardirqs_on+0x99/0x150 [ 807.291340][T14982] __do_fast_syscall_32+0xb4/0x120 [ 807.296483][T14982] ? exc_page_fault+0x590/0x8c0 [ 807.301359][T14982] do_fast_syscall_32+0x34/0x80 [ 807.306238][T14982] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 807.312683][T14982] RIP: 0023:0xf73c7579 [ 807.316854][T14982] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 807.336482][T14982] RSP: 002b:00000000f5b3e540 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 807.344913][T14982] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 0000000020000100 [ 807.352898][T14982] RDX: 000000000000008e RSI: 00000000f73b2ff4 RDI: 0000000000000000 [ 807.360896][T14982] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 807.368888][T14982] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 807.376877][T14982] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 807.384873][T14982] [ 807.473554][T14975] usblp0: removed [ 807.934916][ T1061] team0 (unregistering): Port device team_slave_1 removed [ 807.984832][ T1061] team0 (unregistering): Port device team_slave_0 removed [ 808.486907][T14911] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 808.499865][T14911] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 808.515651][T14911] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 808.654658][ T5162] usb 4-1: USB disconnect, device number 50 [ 808.726106][ T29] audit: type=1326 audit(1720293741.200:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14987 comm="syz.1.1731" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73eb579 code=0x0 [ 808.751458][T14990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1730'. [ 808.823894][T14990] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 809.125396][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.131814][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.136826][ T5102] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 810.148137][ T5102] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 810.185154][ T5102] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 810.212599][ T5102] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 810.230918][ T5102] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 810.244530][ T5102] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 810.279128][ T5092] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 810.294227][ T5092] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 810.305173][ T5092] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 810.335887][ T5092] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 810.343922][ T5092] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 810.354448][ T5092] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 810.546950][ T1061] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 810.793472][ T1061] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 810.866000][T14880] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 810.901160][T14880] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 811.010129][ T1061] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.050048][T14880] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 811.100514][T14880] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 811.207772][ T5092] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 811.230659][ T5092] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 811.243502][ T5092] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 811.254899][ T5092] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 811.264560][ T5092] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 811.272627][ T5092] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 811.376871][ T1061] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.694220][ T5146] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 811.859938][ T1061] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 811.894481][ T5146] usb 4-1: Using ep0 maxpacket: 16 [ 811.908510][ T5146] usb 4-1: New USB device found, idVendor=0b05, idProduct=1736, bcdDevice= d.b1 [ 811.964781][ T5146] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.972843][ T5146] usb 4-1: Product: syz [ 812.005594][ T5146] usb 4-1: Manufacturer: syz [ 812.010275][ T5146] usb 4-1: SerialNumber: syz [ 812.032392][ T5146] usb 4-1: config 0 descriptor?? [ 812.076517][ T1061] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.176637][ T29] audit: type=1326 audit(1720293744.650:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15034 comm="syz.2.1740" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0 [ 812.204728][ T1061] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.221845][T15017] chnl_net:caif_netlink_parms(): no params data found [ 812.283719][ T1061] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 812.298177][ T5146] dvb-usb: found a 'Asus My Cinema-U3000Hybrid' in cold state, will try to load a firmware [ 812.394194][ T5102] Bluetooth: hci0: command tx timeout [ 812.428587][ T5146] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 812.437249][ T5146] dib0700: firmware download failed at 7 with -22 [ 812.448660][ T5146] usb 4-1: USB disconnect, device number 51 [ 812.533392][T15025] chnl_net:caif_netlink_parms(): no params data found [ 812.593313][T15017] bridge0: port 1(bridge_slave_0) entered blocking state [ 812.601117][T15017] bridge0: port 1(bridge_slave_0) entered disabled state [ 812.610870][T15017] bridge_slave_0: entered allmulticast mode [ 812.619984][T15017] bridge_slave_0: entered promiscuous mode [ 812.684349][T15017] bridge0: port 2(bridge_slave_1) entered blocking state [ 812.695065][T15017] bridge0: port 2(bridge_slave_1) entered disabled state [ 812.713217][T15017] bridge_slave_1: entered allmulticast mode [ 812.733791][T15017] bridge_slave_1: entered promiscuous mode [ 812.924899][T15017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 812.977286][T15017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 813.012109][T14880] 8021q: adding VLAN 0 to HW filter on device bond0 [ 813.084663][ T1061] bridge_slave_1: left allmulticast mode [ 813.090851][ T1061] bridge_slave_1: left promiscuous mode [ 813.104401][ T1061] bridge0: port 2(bridge_slave_1) entered disabled state [ 813.143330][ T1061] bridge_slave_0: left allmulticast mode [ 813.152256][ T1061] bridge_slave_0: left promiscuous mode [ 813.174465][ T1061] bridge0: port 1(bridge_slave_0) entered disabled state [ 813.179144][T15057] kvm: pic: non byte read [ 813.190223][T15057] kvm: pic: non byte read [ 813.200440][ T1061] bridge_slave_1: left allmulticast mode [ 813.206738][T15057] kvm: pic: non byte read [ 813.211706][T15057] kvm: pic: non byte read [ 813.216322][ T1061] bridge_slave_1: left promiscuous mode [ 813.222526][T15057] kvm: pic: non byte read [ 813.227629][ T1061] bridge0: port 2(bridge_slave_1) entered disabled state [ 813.241662][T15057] kvm: pic: non byte read [ 813.249142][ T1061] bridge_slave_0: left allmulticast mode [ 813.255247][ T1061] bridge_slave_0: left promiscuous mode [ 813.261938][T15057] kvm: pic: level sensitive irq not supported [ 813.262104][T15057] kvm: pic: non byte read [ 813.273484][ T1061] bridge0: port 1(bridge_slave_0) entered disabled state [ 813.283026][T15057] kvm: pic: non byte read [ 813.289339][T15057] kvm: pic: single mode not supported [ 813.289430][T15057] kvm: pic: non byte read [ 813.319140][T15057] kvm: pic: level sensitive irq not supported [ 813.319220][T15057] kvm: pic: non byte read [ 813.340988][T15057] kvm: pic: level sensitive irq not supported [ 813.341197][T15057] kvm: pic: level sensitive irq not supported [ 813.355463][ T5102] Bluetooth: hci3: command tx timeout [ 813.379453][T15057] kvm: pic: level sensitive irq not supported [ 813.504155][ T5173] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 813.702457][ T5173] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 813.723474][ T5173] usb 3-1: New USB device found, idVendor=22b8, idProduct=4b48, bcdDevice=3f.f0 [ 813.734612][ T5173] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.742685][ T5173] usb 3-1: Product: syz [ 813.753384][ T5173] usb 3-1: Manufacturer: syz [ 813.759222][ T5173] usb 3-1: SerialNumber: syz [ 814.474511][ T5102] Bluetooth: hci0: command tx timeout [ 814.637331][ T1061] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 814.663293][ T1061] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 814.687721][ T1061] bond0 (unregistering): Released all slaves [ 814.913688][ T1061] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 814.937696][ T1061] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 814.950839][ T1061] bond0 (unregistering): Released all slaves [ 815.250863][T15017] team0: Port device team_slave_0 added [ 815.260684][T15017] team0: Port device team_slave_1 added [ 815.313860][T15025] bridge0: port 1(bridge_slave_0) entered blocking state [ 815.331285][T15025] bridge0: port 1(bridge_slave_0) entered disabled state [ 815.351984][T15025] bridge_slave_0: entered allmulticast mode [ 815.377171][T15025] bridge_slave_0: entered promiscuous mode [ 815.391179][T15114] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1743'. [ 815.403060][T15025] bridge0: port 2(bridge_slave_1) entered blocking state [ 815.410480][T15025] bridge0: port 2(bridge_slave_1) entered disabled state [ 815.426823][T15025] bridge_slave_1: entered allmulticast mode [ 815.434495][ T5102] Bluetooth: hci3: command tx timeout [ 815.442459][T15025] bridge_slave_1: entered promiscuous mode [ 815.521974][T15117] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 815.736962][T15025] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 815.778469][T15025] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 815.797677][T15017] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 815.812647][T15017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 815.859611][T15017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 815.969330][T15017] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 815.992951][T15017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 816.070039][T15017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 816.121826][T14880] 8021q: adding VLAN 0 to HW filter on device team0 [ 816.190537][ T5173] qmi_wwan 3-1:1.0: skipping garbage [ 816.211274][ T5173] qmi_wwan 3-1:1.0: probe with driver qmi_wwan failed with error -22 [ 816.251310][T15025] team0: Port device team_slave_0 added [ 816.252939][ T5173] usb 3-1: USB disconnect, device number 60 [ 816.292125][T15025] team0: Port device team_slave_1 added [ 816.523507][T15017] hsr_slave_0: entered promiscuous mode [ 816.530858][T15017] hsr_slave_1: entered promiscuous mode [ 816.564087][ T5102] Bluetooth: hci0: command tx timeout [ 816.584702][T15017] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 816.592415][T15017] Cannot create hsr debugfs directory [ 816.645913][T15025] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 816.660689][T15025] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 816.683583][T15130] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1744'. [ 816.687323][T15025] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 816.712933][ T5104] bridge0: port 1(bridge_slave_0) entered blocking state [ 816.720173][ T5104] bridge0: port 1(bridge_slave_0) entered forwarding state [ 816.731924][ T5104] bridge0: port 2(bridge_slave_1) entered blocking state [ 816.739169][ T5104] bridge0: port 2(bridge_slave_1) entered forwarding state [ 816.762953][T15132] input: syz0 as /devices/virtual/input/input65 [ 816.829830][T15025] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 816.839627][T15025] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 816.935285][T15025] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 817.041974][ T1061] hsr_slave_0: left promiscuous mode [ 817.055400][ T1061] hsr_slave_1: left promiscuous mode [ 817.095360][ T1061] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 817.102945][ T1061] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 817.119740][ T1061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 817.134230][ T1061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 817.164817][ T1061] hsr_slave_0: left promiscuous mode [ 817.177777][ T1061] hsr_slave_1: left promiscuous mode [ 817.212028][ T1061] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 817.224242][ T1061] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 817.323457][ T1061] veth1_macvtap: left promiscuous mode [ 817.334575][ T1061] veth0_macvtap: left promiscuous mode [ 817.345668][ T1061] veth1_vlan: left promiscuous mode [ 817.361274][ T1061] veth0_vlan: left promiscuous mode [ 817.393010][ T1061] veth1_macvtap: left promiscuous mode [ 817.398790][ T1061] veth0_macvtap: left promiscuous mode [ 817.406323][ T1061] veth1_vlan: left promiscuous mode [ 817.414522][ T1061] veth0_vlan: left promiscuous mode [ 817.525409][ T5102] Bluetooth: hci3: command tx timeout [ 818.456258][ T1061] team0 (unregistering): Port device team_slave_1 removed [ 818.512870][ T1061] team0 (unregistering): Port device team_slave_0 removed [ 818.635268][ T5102] Bluetooth: hci0: command tx timeout [ 819.034546][ T5155] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 819.043680][ T5155] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 819.355647][ T1061] team0 (unregistering): Port device team_slave_1 removed [ 819.433028][ T1061] team0 (unregistering): Port device team_slave_0 removed [ 819.595185][ T5102] Bluetooth: hci3: command tx timeout [ 820.257688][T15025] hsr_slave_0: entered promiscuous mode [ 820.264844][ T29] audit: type=1326 audit(1720293752.730:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15146 comm="syz.3.1749" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73b4579 code=0x0 [ 820.296161][T15025] hsr_slave_1: entered promiscuous mode [ 820.303746][T15025] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 820.311833][T15025] Cannot create hsr debugfs directory [ 820.603437][ T29] audit: type=1326 audit(1720293753.070:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15148 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0 [ 820.643214][T14880] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 821.126867][ T5155] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 821.143137][ T5155] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 821.358148][T14880] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 821.590198][T15172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1752'. [ 821.639267][T15172] sch_tbf: burst 0 is lower than device veth1_to_bridge mtu (1514) ! [ 821.879584][T14880] veth0_vlan: entered promiscuous mode [ 821.912179][T15017] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 821.968928][T15017] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 822.162797][T14880] veth1_vlan: entered promiscuous mode [ 822.195104][T15017] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 822.281181][T15017] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 822.798595][T15191] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1753'. [ 822.846676][T14880] veth0_macvtap: entered promiscuous mode [ 822.923541][T14880] veth1_macvtap: entered promiscuous mode [ 823.023205][T14880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 823.049471][T14880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.071040][T14880] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 823.086861][T14880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 823.110593][T15196] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1754'. [ 823.128017][T14880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.139656][T14880] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 823.154586][T14880] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.172497][T14880] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 823.196112][T15197] input: syz0 as /devices/virtual/input/input66 [ 823.228050][T14880] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.261260][T14880] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.280143][T14880] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.289920][T14880] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.431185][T15017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 823.510623][T15025] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 823.560859][T15025] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 823.579315][T15025] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 823.611934][T15025] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 823.762865][T15017] 8021q: adding VLAN 0 to HW filter on device team0 [ 823.851236][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 823.858522][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 823.971832][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 823.979131][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 824.043522][ T1061] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 824.064805][ T1061] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 824.118942][ T29] audit: type=1326 audit(1720293756.580:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15211 comm="syz.2.1758" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7417579 code=0x0 [ 824.164724][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 824.172620][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 824.480927][T15017] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 824.510352][T15025] 8021q: adding VLAN 0 to HW filter on device bond0 [ 824.610638][T15025] 8021q: adding VLAN 0 to HW filter on device team0 [ 824.648514][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state [ 824.655809][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state [ 824.712166][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state [ 824.719445][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state [ 824.780047][T15017] veth0_vlan: entered promiscuous mode [ 824.799627][ T8] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 824.847112][T15017] veth1_vlan: entered promiscuous mode [ 825.009139][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 825.022681][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 825.035332][T15017] veth0_macvtap: entered promiscuous mode [ 825.064417][ T8] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 825.069336][T15017] veth1_macvtap: entered promiscuous mode [ 825.105143][ T8] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 825.125004][ T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 825.139510][T15025] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 825.147626][ T8] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 825.169945][ T8] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 825.190158][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 825.224367][ T8] usb 1-1: Product: syz [ 825.231911][ T8] usb 1-1: Manufacturer: syz [ 825.244040][ T8] usb 1-1: SerialNumber: syz [ 825.270766][T15017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 825.314107][T15017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.341781][T15017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 825.370456][T15017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.392419][T15017] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 825.438509][T15017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 825.463195][T15017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.504166][T15017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 825.532591][T15017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.561202][T15017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 825.604098][T15017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 825.636101][T15017] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 825.649814][ T8] cdc_ncm 1-1:1.0: bind() failure [ 825.682111][T15017] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.683806][ T8] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 825.709248][T15017] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.728245][ T8] cdc_ncm 1-1:1.1: bind() failure [ 825.744075][T15017] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.760711][ T8] usb 1-1: USB disconnect, device number 44 [ 825.764159][T15017] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.831040][T15230] picdev_read: 9 callbacks suppressed [ 825.831064][T15230] kvm: pic: non byte read [ 825.865492][T15230] kvm: pic: level sensitive irq not supported [ 825.865577][T15230] kvm: pic: non byte read [ 825.929524][T15230] kvm: pic: non byte read [ 825.943149][T15025] veth0_vlan: entered promiscuous mode [ 825.950074][T15230] kvm: pic: level sensitive irq not supported [ 825.950151][T15230] kvm: pic: non byte read [ 825.963311][T15230] kvm: pic: level sensitive irq not supported [ 825.963385][T15230] kvm: pic: non byte read [ 825.976767][T15230] kvm: pic: non byte read [ 825.981440][T15230] kvm: pic: non byte read [ 825.990229][T15230] kvm: pic: non byte read [ 825.997605][T15230] kvm: pic: single mode not supported [ 825.997629][T15230] kvm: pic: level sensitive irq not supported [ 826.003219][T15230] kvm: pic: non byte read [ 826.038816][T15025] veth1_vlan: entered promiscuous mode [ 826.184834][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.197030][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.253745][T15025] veth0_macvtap: entered promiscuous mode [ 826.278877][ T1061] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.298917][T15025] veth1_macvtap: entered promiscuous mode [ 826.315112][ T1061] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.407316][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 826.430281][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.448305][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 826.456167][T15253] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1761'. [ 826.467724][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.467753][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 826.467774][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.509267][T15025] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 826.532423][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 826.543349][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.573401][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 826.620930][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.669408][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 826.693117][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.737270][T15025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 826.788561][T15025] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 826.823173][T15260] program syz.4.1733 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 826.834782][T15025] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 826.936659][T15025] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.974156][T15025] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 826.983007][T15025] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.014118][T15025] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 827.345028][T15264] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1763'. [ 827.422273][T15266] input: syz0 as /devices/virtual/input/input67 [ 827.826455][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 827.860208][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 828.028348][ T29] audit: type=1326 audit(1720293760.500:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15273 comm="syz.4.1767" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7489579 code=0x0 [ 828.096461][T15272] netlink: 'syz.0.1766': attribute type 1 has an invalid length. [ 828.427957][ T29] audit: type=1326 audit(1720293760.900:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15278 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7498579 code=0x0 [ 829.271786][ T63] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.610427][ T63] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.792651][ T63] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 829.977217][ T63] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 830.361681][T15310] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1775'. [ 830.420800][T15310] input: syz0 as /devices/virtual/input/input68 [ 830.436591][ T5092] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 830.447200][ T5092] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 830.464190][ T5092] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 830.482645][ T5092] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 830.499486][ T5092] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 830.508505][ T5092] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 830.526354][ T5102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 830.535995][ T5102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 830.544203][ T5102] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 830.590677][ T5102] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 830.647792][ T5102] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 830.667926][ T5102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 830.678910][ T63] bridge_slave_1: left allmulticast mode [ 830.694488][T15292] ------------[ cut here ]------------ [ 830.700018][T15292] WARNING: CPU: 1 PID: 15292 at kernel/workqueue.c:2282 __queue_work+0xc5e/0xee0 [ 830.709180][T15292] Modules linked in: [ 830.713104][T15292] CPU: 1 PID: 15292 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 830.723475][T15292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 830.733565][T15292] RIP: 0010:__queue_work+0xc5e/0xee0 [ 830.738892][T15292] Code: ff e8 76 83 36 00 90 0f 0b 90 e9 20 fd ff ff e8 68 83 36 00 eb 13 e8 61 83 36 00 eb 0c e8 5a 83 36 00 eb 05 e8 53 83 36 00 90 <0f> 0b 90 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 830.758519][T15292] RSP: 0018:ffffc900033ef750 EFLAGS: 00010002 [ 830.764600][T15292] RAX: ffffffff815fa44f RBX: ffff888022111e00 RCX: ffff888022111e00 [ 830.772581][T15292] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 830.780559][T15292] RBP: 0000000000000000 R08: ffffffff815f9923 R09: 0000000000000000 [ 830.788537][T15292] R10: ffffc900033ef820 R11: fffff5200067df05 R12: ffff88807d01b1c0 [ 830.796605][T15292] R13: dffffc0000000000 R14: ffff88807d01b000 R15: 0000000000000008 [ 830.804599][T15292] FS: 0000000000000000(0000) GS:ffff8880b9500000(0063) knlGS:0000000058532440 [ 830.813630][T15292] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 830.820220][T15292] CR2: 00007ffdcdbbcc48 CR3: 0000000061e46000 CR4: 00000000003526f0 [ 830.828202][T15292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 830.836185][T15292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 830.844182][T15292] Call Trace: [ 830.847479][T15292] [ 830.850428][T15292] ? __warn+0x163/0x4e0 [ 830.854616][T15292] ? __queue_work+0xc5e/0xee0 [ 830.859341][T15292] ? report_bug+0x2b3/0x500 [ 830.863882][T15292] ? __queue_work+0xc5e/0xee0 [ 830.868582][T15292] ? handle_bug+0x3e/0x70 [ 830.872951][T15292] ? exc_invalid_op+0x1a/0x50 [ 830.877660][T15292] ? asm_exc_invalid_op+0x1a/0x20 [ 830.882717][T15292] ? __queue_work+0x123/0xee0 [ 830.887406][T15292] ? __queue_work+0xc4f/0xee0 [ 830.892095][T15292] ? __queue_work+0xc5e/0xee0 [ 830.896792][T15292] queue_work_on+0x1c2/0x380 [ 830.901571][T15292] ? __pfx_queue_work_on+0x10/0x10 [ 830.906706][T15292] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 830.912716][T15292] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 830.919058][T15292] ? skb_queue_tail+0x36/0x120 [ 830.923834][T15292] __hci_cmd_sync_sk+0x7b1/0x1130 [ 830.928875][T15292] ? __pfx___hci_cmd_sync_sk+0x10/0x10 [ 830.934345][T15292] ? __pfx_lock_release+0x10/0x10 [ 830.939375][T15292] ? aa_get_newest_label+0xff/0x6f0 [ 830.944628][T15292] __hci_cmd_sync_status+0x37/0x130 [ 830.949840][T15292] hci_dev_cmd+0x51c/0xa50 [ 830.954270][T15292] ? __pfx_hci_dev_cmd+0x10/0x10 [ 830.959219][T15292] ? proc_do_large_bitmap+0x110/0x13c0 [ 830.964695][T15292] ? hci_sock_ioctl+0x6c4/0xa40 [ 830.969558][T15292] compat_sock_ioctl+0x18b/0xf20 [ 830.974521][T15292] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 830.980010][T15292] ? __fget_files+0x29/0x470 [ 830.984618][T15292] ? __fget_files+0x3f6/0x470 [ 830.989322][T15292] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 830.994889][T15292] ? security_file_ioctl_compat+0x87/0xb0 [ 831.000632][T15292] __se_compat_sys_ioctl+0x51c/0xca0 [ 831.005945][T15292] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 831.011852][T15292] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 831.017850][T15292] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 831.023856][T15292] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 831.030202][T15292] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 831.036828][T15292] ? lockdep_hardirqs_on+0x99/0x150 [ 831.042087][T15292] __do_fast_syscall_32+0xb4/0x120 [ 831.047239][T15292] do_fast_syscall_32+0x34/0x80 [ 831.052111][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 831.058449][T15292] RIP: 0023:0xf743a579 [ 831.062526][T15292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 831.082139][T15292] RSP: 002b:00000000ffa4a3b4 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 831.090563][T15292] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd [ 831.098540][T15292] RDX: 00000000ffa4a404 RSI: 00000000f7425ff4 RDI: 0000000000000003 [ 831.106524][T15292] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 831.114527][T15292] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 831.122530][T15292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 831.130522][T15292] [ 831.133549][T15292] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 831.140916][T15292] CPU: 1 PID: 15292 Comm: syz-executor Not tainted 6.10.0-rc6-syzkaller-00212-g1dd28064d416 #0 [ 831.151245][T15292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 831.161309][T15292] Call Trace: [ 831.164596][T15292] [ 831.167531][T15292] dump_stack_lvl+0x241/0x360 [ 831.172227][T15292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 831.177526][T15292] ? __pfx__printk+0x10/0x10 [ 831.182128][T15292] ? _printk+0xd5/0x120 [ 831.186306][T15292] ? vscnprintf+0x5d/0x90 [ 831.190732][T15292] panic+0x349/0x860 [ 831.194642][T15292] ? __warn+0x172/0x4e0 [ 831.198815][T15292] ? __pfx_panic+0x10/0x10 [ 831.203240][T15292] ? show_trace_log_lvl+0x4e6/0x520 [ 831.208500][T15292] __warn+0x346/0x4e0 [ 831.212506][T15292] ? __queue_work+0xc5e/0xee0 [ 831.217205][T15292] report_bug+0x2b3/0x500 [ 831.221671][T15292] ? __queue_work+0xc5e/0xee0 [ 831.226385][T15292] handle_bug+0x3e/0x70 [ 831.230557][T15292] exc_invalid_op+0x1a/0x50 [ 831.235076][T15292] asm_exc_invalid_op+0x1a/0x20 [ 831.239940][T15292] RIP: 0010:__queue_work+0xc5e/0xee0 [ 831.245237][T15292] Code: ff e8 76 83 36 00 90 0f 0b 90 e9 20 fd ff ff e8 68 83 36 00 eb 13 e8 61 83 36 00 eb 0c e8 5a 83 36 00 eb 05 e8 53 83 36 00 90 <0f> 0b 90 48 83 c4 58 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc [ 831.265126][T15292] RSP: 0018:ffffc900033ef750 EFLAGS: 00010002 [ 831.271201][T15292] RAX: ffffffff815fa44f RBX: ffff888022111e00 RCX: ffff888022111e00 [ 831.279181][T15292] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 831.287157][T15292] RBP: 0000000000000000 R08: ffffffff815f9923 R09: 0000000000000000 [ 831.295143][T15292] R10: ffffc900033ef820 R11: fffff5200067df05 R12: ffff88807d01b1c0 [ 831.303117][T15292] R13: dffffc0000000000 R14: ffff88807d01b000 R15: 0000000000000008 [ 831.311115][T15292] ? __queue_work+0x123/0xee0 [ 831.315800][T15292] ? __queue_work+0xc4f/0xee0 [ 831.320500][T15292] queue_work_on+0x1c2/0x380 [ 831.325100][T15292] ? __pfx_queue_work_on+0x10/0x10 [ 831.330223][T15292] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 831.336131][T15292] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 831.342646][T15292] ? skb_queue_tail+0x36/0x120 [ 831.347423][T15292] __hci_cmd_sync_sk+0x7b1/0x1130 [ 831.352466][T15292] ? __pfx___hci_cmd_sync_sk+0x10/0x10 [ 831.357946][T15292] ? __pfx_lock_release+0x10/0x10 [ 831.362981][T15292] ? aa_get_newest_label+0xff/0x6f0 [ 831.368294][T15292] __hci_cmd_sync_status+0x37/0x130 [ 831.373525][T15292] hci_dev_cmd+0x51c/0xa50 [ 831.377952][T15292] ? __pfx_hci_dev_cmd+0x10/0x10 [ 831.382898][T15292] ? proc_do_large_bitmap+0x110/0x13c0 [ 831.388392][T15292] ? hci_sock_ioctl+0x6c4/0xa40 [ 831.393254][T15292] compat_sock_ioctl+0x18b/0xf20 [ 831.398219][T15292] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 831.403703][T15292] ? __fget_files+0x29/0x470 [ 831.408306][T15292] ? __fget_files+0x3f6/0x470 [ 831.413009][T15292] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 831.418736][T15292] ? security_file_ioctl_compat+0x87/0xb0 [ 831.424483][T15292] __se_compat_sys_ioctl+0x51c/0xca0 [ 831.429954][T15292] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 831.435771][T15292] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 831.441767][T15292] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 831.447755][T15292] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 831.454202][T15292] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 831.460826][T15292] ? lockdep_hardirqs_on+0x99/0x150 [ 831.466058][T15292] __do_fast_syscall_32+0xb4/0x120 [ 831.471192][T15292] do_fast_syscall_32+0x34/0x80 [ 831.476060][T15292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 831.482392][T15292] RIP: 0023:0xf743a579 [ 831.486468][T15292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 831.506082][T15292] RSP: 002b:00000000ffa4a3b4 EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 831.514503][T15292] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000400448dd [ 831.522477][T15292] RDX: 00000000ffa4a404 RSI: 00000000f7425ff4 RDI: 0000000000000003 [ 831.530448][T15292] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 [ 831.538424][T15292] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 831.546401][T15292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 831.554412][T15292] [ 831.557821][T15292] Kernel Offset: disabled [ 831.562245][T15292] Rebooting in 86400 seconds..