last executing test programs: 2m3.368397113s ago: executing program 0 (id=5263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) lsm_list_modules(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3], 0x4c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) dup3(r6, r5, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x22, &(0x7f00000003c0)=0x0) r8 = socket$rxrpc(0x21, 0x2, 0xa) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x87, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}]) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f00005dd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r4, 0x9bd75000) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100ff12142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 1m41.484415574s ago: executing program 0 (id=5263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) lsm_list_modules(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3], 0x4c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) dup3(r6, r5, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x22, &(0x7f00000003c0)=0x0) r8 = socket$rxrpc(0x21, 0x2, 0xa) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x87, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}]) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f00005dd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r4, 0x9bd75000) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100ff12142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 1m6.656303036s ago: executing program 0 (id=5263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) lsm_list_modules(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3], 0x4c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) dup3(r6, r5, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x22, &(0x7f00000003c0)=0x0) r8 = socket$rxrpc(0x21, 0x2, 0xa) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x87, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}]) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f00005dd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r4, 0x9bd75000) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100ff12142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 55.74244059s ago: executing program 0 (id=5263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) lsm_list_modules(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3], 0x4c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) dup3(r6, r5, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x22, &(0x7f00000003c0)=0x0) r8 = socket$rxrpc(0x21, 0x2, 0xa) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x87, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}]) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f00005dd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r4, 0x9bd75000) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100ff12142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 27.87599038s ago: executing program 0 (id=5263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) lsm_list_modules(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3], 0x4c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) dup3(r6, r5, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x22, &(0x7f00000003c0)=0x0) r8 = socket$rxrpc(0x21, 0x2, 0xa) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x87, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}]) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f00005dd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r4, 0x9bd75000) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100ff12142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 14.367919329s ago: executing program 4 (id=5790): syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2) mbind(&(0x7f0000887000/0x1000)=nil, 0x1000, 0x1, 0x0, 0x0, 0x0) write$char_usb(r0, &(0x7f0000000000)='8', 0x1) 12.111080258s ago: executing program 2 (id=5793): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) keyctl$reject(0x13, 0x0, 0x9, 0x202, 0x0) r0 = gettid() r1 = socket$xdp(0x2c, 0x3, 0x0) dup(0xffffffffffffffff) r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) io_uring_setup(0x30d3, &(0x7f00000000c0)) r3 = getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(r0, 0x0, &(0x7f0000000300)=0x7fffffff) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) unshare(0x22020600) r6 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r7 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000040)={0x1}, 0x8) close_range(r7, 0xffffffffffffffff, 0x0) r8 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000200)=@IORING_OP_SPLICE={0x1e, 0x20, 0x0, @fd=r1, 0x3, {0x0, r8}, 0x4, 0x2, 0x0, {0x0, 0x0, r8}}) io_uring_enter(r8, 0x2def, 0x0, 0x0, 0x0, 0x0) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000000840)=[{{&(0x7f0000000240)=@nfc, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000340)=""/87, 0x57}, {&(0x7f0000000580)=""/231, 0xe7}, {&(0x7f00000003c0)=""/108, 0x6c}, {&(0x7f0000000180)=""/43, 0x2b}, {&(0x7f00000002c0)=""/52, 0x34}, {&(0x7f0000000440)=""/31, 0x1f}, {&(0x7f0000000680)=""/137, 0x89}, {&(0x7f0000000740)=""/144, 0x90}], 0x8, &(0x7f0000000800)=""/8, 0x8}, 0xfffff808}], 0x400003d, 0x2, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) mount$afs(&(0x7f0000000480)=ANY=[@ANYBLOB='#'], &(0x7f0000000040)='./file1\x00', &(0x7f0000000080), 0x0, 0x0) ioctl$sock_netrom_SIOCDELRT(r2, 0x890c, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x10, r2, 0x64d6c000) 10.49615601s ago: executing program 4 (id=5798): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2) ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x0, 0x0, 0xc}) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000002000)=ANY=[@ANYBLOB="12010000facf01406e0510401c20000000010902120001000000000904"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r3, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000001200)=[@in6={0xa, 0x4e28, 0xff, @local, 0x2}]}, &(0x7f00000001c0)=0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000500)={r4}, &(0x7f0000000540)=0x8) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14, 0x10, 0x9000, 0x6}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x48}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) iopl(0x3) setsockopt$sock_int(r2, 0x1, 0x23, &(0x7f00000002c0), 0x4) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@bloom_filter={0x1e, 0x8, 0x873, 0x4, 0x4001, 0x1, 0xbf, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x5, 0x5, @void, @value, @void, @value}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000a80)={r5, &(0x7f0000000980)="88a757c54280e680dbcfcdc4326749d6bf14d0463cf234455752af1e004480b943f2b7a984265722fe4a1c02ac11427423b81428bc077467694a7854eb5f098c08117f17c99aadc9bb4041ab2e20b46cdf6c751f8195b27e3c9df6995336bb72ec51c4899723b6c5887916679202b3a5f60e3b106518705fdf3685e311b18665875ce91ff6f5138f4382ca20705c66f1350ac6bf626a1eced843f17159834a1328b08e19cc2efca74b5b", &(0x7f0000000a40)=""/30, 0x4}, 0x20) bpf$OBJ_PIN_PROG(0x6, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, &(0x7f0000000600)={0x2c, &(0x7f0000000180)={0x0, 0x0, 0x87, "f9b72111cb6464d18c1f33f12be13d35524f432de2f21db50da49d470897fae0d0b1d52566d8dc2e1ae75ef81e4a3d82e1bb93255b594ae34742d25c6a625cc343f9ebd5c40e7060c06b9b16c93136d507cd8862e46b1af9b14f0731e74ab2c99610a6f634e22aed24532df6e3b6f0289e8c3d59881418cebdbc36bd35f50c8cf81d6049321876"}, 0x0, 0x0, 0x0, 0x0}) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x25, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_control_io$uac1(r1, &(0x7f0000000380)={0x14, &(0x7f0000000300)={0x20, 0xa, 0x65, {0x65, 0x10, "cd6cc6c0776b93ebf6c35aa876062d5d135118b1ded2b505161a7e87b524eea27e36556d64cbc072a09dd382ff797cc16e8953c861b070120271ab54025579f6d1257aa37c27e96cad79853886e71cf59536be9abfbdee01e546f137c16d143721be75"}}, &(0x7f0000000500)={0x0, 0x3, 0xd5, @string={0xe0, 0x3, "faa27630b5860757f9b753818ca7da5dfcb51e5d57935ae46c6dd71e602944edebc8f87afed0547be79e32ebbb5dfa84f3e9836d07ff30090b6040b586a7f8e2a7ef37585d87f2a03509313cf68a25d460319621681486803a96fe4039f1ce07833f26f0bca9db9180d7120863866c3e74124196bd20067f22e38b3c43bbc58e7be0b9b2e6bfb0b17b18629d456cfb92f844fb4db5d63f9f508f9c0c168f01ffbdcd30c757407373c930abcbf180384c6a23a3e6e44464086a6038233198a6b829418b19bd31c71ead0c2747094975ebca64dbd70f3c092cb2cc11dc9da7"}}}, &(0x7f0000000880)={0x44, &(0x7f0000000640)={0x0, 0x16, 0x99, "9bb4478b4e3d3999b829b2c95a2be78502c7a1af0bb6f3ea9ecbe72232f2e14eb7c8d5c2229542ab0e2a9557b82d1e1e2b5ebac1c1bbf4d3699ada74167891c93068437087bf47325bd6c1144d67bd62415b1b1d661f0ab3b5a4dc06fe916e44abcf805948e9d9d7810a271d11462c3d1366e3af780257154c1190b313bd931e125908ae8b3e40741bfd48a1f8f1ca092a7f9173a97e469ef6"}, &(0x7f0000000400)={0x0, 0xa, 0x1, 0x29}, &(0x7f0000000700)={0x0, 0x8, 0x1, 0x1c}, &(0x7f0000000740)={0x20, 0x81, 0x3, "d799b8"}, &(0x7f0000000780)={0x20, 0x82, 0x1, "c6"}, &(0x7f00000007c0)={0x20, 0x83, 0x3, "4585cc"}, &(0x7f0000000800)={0x20, 0x84, 0x4, "35e9ee1a"}, &(0x7f0000000840)={0x20, 0x85, 0x3, "d4fc98"}}) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000280)=ANY=[@ANYBLOB="340000003b0007010000000000000000047c0000040000000c00018006000600800a0000100002800c001700070001"], 0x34}, 0x1, 0x0, 0x0, 0x40}, 0xc000) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000003c0)={0x20, 0x16, 0x2, "f2ac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10.264029638s ago: executing program 0 (id=5263): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) lsm_list_modules(0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) r4 = syz_open_dev$vim2m(&(0x7f0000001580), 0x57, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010800000000000000000b00000008000300", @ANYRES32=r3], 0x4c}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) dup3(r6, r5, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) io_setup(0x22, &(0x7f00000003c0)=0x0) r8 = socket$rxrpc(0x21, 0x2, 0xa) io_submit(r7, 0x1, &(0x7f0000000500)=[&(0x7f0000000000)={0x0, 0x0, 0x87, 0x2, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x2}]) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r9 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r9, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f00005dd000/0x3000)=nil, 0x3000, 0x1000000, 0x10, r4, 0x9bd75000) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000000)={0x0, 0x29, &(0x7f0000001500)=[{&(0x7f0000001580)="d80000001a0081044e81f782db4cb9040a1d08007b490d4f1e81f8d815000100ff12142603600e12080005007a010401a80016002000034004000000035c0461c9d67f6f940071342e875fab7cb6cec6cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b141993c034e653fe8efe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9ee5350db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e", 0xd8}], 0x1}, 0x0) 10.220122593s ago: executing program 2 (id=5800): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = socket$l2tp(0x2, 0x2, 0x73) bind$l2tp(r0, &(0x7f00000000c0), 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r1) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)={0x44, r2, 0x917, 0x0, 0x0, {}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @multicast2}, @L2TP_ATTR_IP_DADDR={0x8, 0x19, @remote}]}, 0x44}}, 0x4000) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000f, 0x28011, r6, 0x0) utime(0x0, &(0x7f0000000540)={0x6, 0x6}) r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r7, 0x10c, 0x2, &(0x7f00000006c0), &(0x7f0000000700)=0x4) connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x28, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r8, 0xffffffffffffffff, 0x0) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r9}, 0x38) 8.578251435s ago: executing program 1 (id=5801): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdir(&(0x7f0000000040)='./file0\x00', 0x18) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x40010, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, 0x0, 0x0) 8.577403021s ago: executing program 2 (id=5802): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)={0x76, 0x0, 0x1, 0x9, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4, 0x4, 0x0, 0x1, [{0x0, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x18, 0xc, 0x0, 0x1, [{0xfffffdc9, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6d2c}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454c8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x144000, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r4, &(0x7f0000000440)="6d1e32064a1c1b56ac979b017d5fb42c13bf4a0944ff24740c5c9dc7eb4c55a1cd8c6b2f2f49191e3864a08758ae36801c50cc5282613a8c55ee6dd588648bfc367aff70ad07e32ac84ff056e50e5cd53054edcde0d6ac150983c32f72e8bba1761e8ce0cb082db2d230b00e7465cbe29a0274e25910b7a6036dbda23f851320ebb0c2dc48698eb5d726f97b1c361e6397116a7a9d1c46b65e551adda98e73ac36d8b4e7ff6e7a8161c8768dc3a4b160b475d5963d911614c49232e04ca8ef", 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000000)={r4, &(0x7f0000000180), 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r9, r6, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)=ANY=[], 0x0) 6.160267455s ago: executing program 1 (id=5803): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) io_setup(0x4, &(0x7f0000000280)) dup3(0xffffffffffffffff, r0, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e8980a522cfb72f23ad87fb7019706ccae98cfe7c4fd23e8297b8cabc46ede1ac3da78f1b488c6357e7edfcd417df6660af20a54ecdcb02f689ae15ee655d4b7b1ea733e88ee9f53669388dff487c1c49953f3bc142112bd4b582b29b35d43962ed245c2cd5d5df40a3e0ed6beaf3b641e84b0f0dfa121a9efe05269f9f4a0e9bcbf43c7a90a711f453668c730c3badedca687b71a9c27bab9e724cc4a4918713031596ea6fd01124f973f257ccd9665aee7df4a9d64f079d176abc00000000d7af3e2dd4396f72373fb0a787a6129ca41181f5087fb843212550b58e3707d5a0399de36c2503836cbe2133de4f574e9e05c96788b0de1bd13e390445433d96737b964fa8af2ac4b2f0f9390ca93d8d3d810044d024359e067c4553230ab748947d33f8fc115ce9a49e6571c45a05d786cbd49342c236537dbbeec666b07baab917252113a5b9a77283189b518f356debe42d80cf2d0687b9c64d0253a6a09286fded6e4f8557b8fb4f25ca4fb138af8945c74bbc98748eaaa030be5317646f195e6e085ac6ddb29542e3581961259987241f7e7061526a7afec8962e74215fea43703a4e543ee9d1a3c3f5f2a41977ece8fdadcf89ce331ce59bebae5f53513d0e10485d7ddbda60513bf339602510b3a23ea29a0d5d03a61e34d12942ea4a847c884b27b5344a456d02a55f8929cc567e7c792c01fab7a7b32780a14c361000609b817dd91507b04d875279527946fdb8fb92a512485e234d092c28f1d0a0498731ccc0eb10515d510e8945839307b46512ceca6f495fdd2c6ae5eb2ef3b2a40ebdc7edf0048e3fb5e3d97a9ea5113a6b70d20ad5c43f0df95d88c0f121a1884da21a21f0ba47420f8391a97921cc51871dbb272e43710fe71d5e342c3afd10608a8b02f00e8fbd8d570b6faace86c494ecea8913233391e7b7cec3d571bb3032181ed58e1b513e511f79ee562c8cde9b3b74c2e95dcde7fadb5a666bdc0c1684794620ce8cf0c0aee8e90b3ef6e7160d3f055cb4d1ced32e4edc15e7d102952d3237e6c02c591a95a182bf190c0124abc7f1225332ff1c5e1b94e4e9bf02c1a18bd7bfce20707f7298da322560bc1a4cf298d46f5bf8ff41da21e25aa17f65f9ee43ca890b5ef6a3ccf3efedf3ca60a9acef1352ad0c43e6cf375108cf0974ce89a99adba7e6a3f8949dc573440fafe0e3abdd0066057a2d868e8386080f18a421568d8e7a89536a4173861bd55245c8fcf7dcba18edce36d2e85b9630fbc218db9ebd16abb11ac06fdbf2bc3e6394d4c6e7ae71813d30772d487743a2856348fee09989ce03331e7848770fc91e62191c20fe5f4a73c5dae467dd612bdb63b1e50921d38271305d7412103d5a6214d6d534d1d530b9169f882b6926bbd338f0282a8bd9a44603934e5249e83f1d0947b39f82a7843d2b6f796d8abf7ff3e66cfd4519324d71cebbf6580dffc10d555e479e9acaa12c3c59e3732c181aa4223d0fcdac514e9d7c7963c2634964520286b028f60a4ae612b8e6049315139e884cbffd6836253094ad023329183496cf663366ad4d7f7f5f1bd2db9b0d33f106c041fba4494c7da404d45d8955e5459ca4a62862721ec1fa534fd95e262c5814426816e60000000000000000001aa4fb6f40ec24f42f6949cc28d2a0d4eb61cb1664627582d962523586539445b81e9759321652280ecb", 0xffe3, 0x0, 0x0, 0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f00000002c0)="1571dba375124448330d42bed5debc233f16e2e06d37bf5f75ea4dd16683239fecb7f86ec19c4c80dbb45ef42948bb886f2cb618fbf2256b0160ffa644e0dc9d224be65cdc22def45870366c0ee8e62f9740c1990b8e4aaf26d183ad6e1ff4989c9a8242b95768f30f95ee6f3ab6dad30d", 0x71}, {&(0x7f0000000340)="9dd37b6119d39523ba68313e0d834fc88f3661c5ee23db5124e9d5f0c6e96df9479422a30efbc2a239119d8a3ebc63fe487ee72b85d53e5c29f9d825695a4edf4a90e215b442a6c5a1d0ed8e9e8f164019457d5bcd386b8968e1a1286f94924c9a724de3", 0x64}, {&(0x7f00000003c0)="deca7371d99803788034248af68479db199a2ccb63f1f123ad440afcb9f5890c79eda40dd69e437568b1ca44021e1a1d8c2d631fb92bbda77cc641df2d7cf015838ced5d70ed447ccb8641ed2d2f9b7a609ce1ead51a265994e94c03827a0a7d7730061eb90efbce30495528b198f3e4f57c11fa9533e5bec77b110da30d49d133c83783d3ef9bb07da94b7ed60eada73d172f32f9526a69b0eec0f5fcd120145e7bdef0a51ac53599e84a84b35a7202c1e456496d14fadae5bb6cf1a4c63c13b79aba63cb44fbfc6c00c6db17bc4c4a0576e8d9c954c3c409edfef6f7e85b3059239678582c8a73502f68227fa376435d3fc386b3", 0xf5}, {&(0x7f00000004c0)="820bede1ffe53322ef73f417ebb23c1b6633aadc21842fb3a71ac7d842dcf5aa1296a689a06fe2088f534187ff17351bb067b9a9c17b76b4e6db7081cf95de74773844ad2445c354dbc631416ec4558fc2897a6e6bc770504fdcfe4361cc7719d09057ec28131790069d35eae433a0e61b64564c6e964092f3ab8dea30c036441a3991fa2e2ac47bf0d7f3830f070f8834d9c05a41b14f07a612845ac2ead17b1eb469aaf3c15c7e0dc13bcf1eb14bd82b4c3b41d1b02f143ea637675fd1d0dd308b0db585145a1947a2c1f36cb8fa56b6089a614a15fda9229f", 0xda}, {&(0x7f00000005c0)="0b069407fb4b7501e93ffab8256a817663d6067e6156f1068cd6ca6a0ffd6986b1a8ef1023abc93c53389afdc670029336c7ae69b96cb2d023c08547d948e4ddd5203562fb554eeb1c46d1ecb8b75117ff3ff4f2907dd10f75ae3e32882c66f15a6614654149cf5e04213c55b6c8fe205eac1e8dbcb69f7a5cb04cbdbd6759b10356a12934d75d270abc4e1ac34ed8db6544f74ef51b4d71a2ee302b326899dcd5574e2b25610f41f8a2ba8098b8648973369ef6e47d9418494751a953f6adaecdaf8b4f75b9edd731c6d393946ff54707669c0260a296da8f3cbc1befac11e9450adfc17850bebbdc2ea74545c5f1765b9f012785b4be4e79f950", 0xfb}, {&(0x7f00000006c0)="56275177c2d2c8153d6f93e63171592255d896bc833e52792284ae917d11e85764d3e1cd87f43e5653c327a134464900a2844be642d85ba85e24ae55fa7e5310dd168e10ad69d6ab11790d377820013c1429d8d18c3629d66d0b38674c47d59280a6dac449e2f08774b96ba60861c80184937ccdb644ce64c972d5477f7b193c7c7606382f297b9eb585ae7f9fbfb1d4530ced1ebdd4d411f8e256bd", 0x9c}], 0x6, 0x8, 0x5, 0x1) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="14000000000b516d39e2240975f0ba4c1ff899ff"], 0x14}}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8000, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x2}) write$binfmt_script(r5, &(0x7f0000000100), 0xfecc) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='hybla\x00', 0x1a) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000005700)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000008c0)='F', 0x1}], 0x1, &(0x7f0000000a00)=ANY=[@ANYBLOB="14"], 0x18}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c010000100001000000000000000000fe880000000000000000000000000001ffffffff00"/64, @ANYRES32=0x0, @ANYBLOB], 0x13c}}, 0x0) 6.158535171s ago: executing program 4 (id=5804): openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) madvise(&(0x7f00000e0000/0x2000)=nil, 0x2000, 0x15) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) shutdown(r1, 0x1) listen(r1, 0x0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000000c0), 0x100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x20, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee4, @void, @value}, 0x94) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000040)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000940)="a5", 0x1, 0x20004002, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0xa2602, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f0000000040)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r3, &(0x7f0000000100), 0x2) preadv(r3, &(0x7f0000000000)=[{&(0x7f0000001180)=""/4100, 0x1004}], 0x1, 0x0, 0x0) 5.760145195s ago: executing program 2 (id=5806): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00') read$FUSE(r0, 0x0, 0x0) openat(r0, &(0x7f0000000000)='./file1\x00', 0x42, 0x4c) mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000180)='./file1\x00', &(0x7f0000000240)='v7\x00', 0x1c041, 0x0) 5.632063563s ago: executing program 2 (id=5807): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}}, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_STOP_AP(r9, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f00000028c0)={0x0, 0x28}}, 0x0) getsockname$packet(r9, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r12, 0x8933, &(0x7f0000000040)={'batadv0\x00', 0x0}) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r10}]}}}, @IFLA_MASTER={0x8, 0xa, r13}]}, 0x48}}, 0x0) r14 = socket$nl_route(0x10, 0x3, 0x0) r15 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r15, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$nl_route_sched(r14, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r16}}, 0x24}}, 0x0) r17 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r18 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r18, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r17, @ANYBLOB="0500000000f7ffffff000600000008000300", @ANYRES32=r19, @ANYBLOB="0800050003"], 0x24}}, 0x0) r20 = accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(r20, 0x107, 0x5, &(0x7f0000000200)=@req3={0x5, 0x2, 0xb1, 0x8, 0x1ff, 0xfffffbf9, 0x6}, 0x1c) 5.61899719s ago: executing program 4 (id=5808): r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x5, 0x2) r1 = gettid() sigaltstack(&(0x7f00000000c0)={&(0x7f0000002400)=""/4102, 0x0, 0x1006}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x10012, r2, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) rt_sigqueueinfo(r1, 0x23, &(0x7f0000000000)) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x400007, 0x1, 0x2, 0x0, 0x4}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000080)=0x1) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="0200a30d100007006000000002000020d3"]) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000ac0)={0x2004}) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r6, 0x560a, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0xffff, 0x200, 0x2}) mount$9p_fd(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f00000001c0), 0x2000004, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@access_any}, {@privport}, {@msize={'msize', 0x3d, 0x6385}}, {@posixacl}, {@access_any}, {@access_client}, {@version_9p2000}, {@cache_mmap}, {@noextend}], [{@obj_type={'obj_type', 0x3d, ':'}}]}}) epoll_pwait(r5, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req={0x3, 0x7fff, 0x6, 0x1000}, 0x10) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000005e00", @ANYRESDEC], 0x4e}}, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x7, &(0x7f00000000c0)=0x8d2, 0x4) 5.097489993s ago: executing program 1 (id=5809): r0 = socket$netlink(0x10, 0x3, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000002c0)=""/188, 0xbc}], 0x1}, 0x0) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x41}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) arch_prctl$ARCH_GET_MAX_TAG_BITS(0x4003, &(0x7f0000000940)) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', 0x0}) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r5, &(0x7f0000000e40)={0x0, 0xd, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r4, @ANYBLOB="1400140064756d6d7930000000000000000000001400040076657468315f746f5f626f016400000005005300010000000800050004"], 0x54}}, 0x0) syz_emit_ethernet(0x147, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x111, 0x0, 0x0, @private2, @local, {[], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3"}}}}}, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e04de220c"], 0x7) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000c80)=ANY=[@ANYBLOB="12010000000000406d0422c2000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) syz_usb_connect$uac1(0x6, 0xf0, &(0x7f00000006c0)=ANY=[@ANYBLOB="12010002000000906b1d01014000010203010902de00030105000c0904000000010100000a2401400006000000092403020303030604062405040ae006240405253a0924070305007fb5c90904010000010200000000010101010200000e240201fa02800772ba52aab3a90d24020101010709022a4891970b2402010f030201de67fc090501091000050680074101810209000904020000010200000904020101010200000e2402020400ff01049ce9f61bd01124020203000cfce5d6a6bf647bccf4ad0c24020201ff040040b7c197102402010103fe00d76cfdf04aac17ae0905820900040608040725014229ff03"], &(0x7f0000000900)={0xa, &(0x7f0000000480)={0xa, 0x6, 0x250, 0x4a, 0xff, 0x6, 0xff, 0x81}, 0x35, &(0x7f0000000a00)=ANY=[@ANYBLOB="050f3500030710020a350500261001bc82f342dd34cf062d2f136f8e94008178cff02775799a13d6d52ccd4456fd8a0700cb03100bc9742b3fac30924a59a203513f682be52b22996772309d7f11f7dc224229a65d044288b33a1f52ef82e05205197c7cca374294004b80951bd5d95262a8987278e2f1b76cf09dedd9e7d3f0e21144c605bc5d"], 0x1, [{0x5a, &(0x7f0000000880)=@string={0x5a, 0x3, "f14243e4ce98a7a11de7d47cb1108480ad58293880155c8584ec737360b3e99acd09c22c1c7b3b5fc6c9061dd04b97c8ce61e1eb8abf96b9d7ff45c4fc4c6e7accd3f74cb8af1f26975c0482bb60dcc10df7e7b1e8128a2f"}}]}) r8 = add_key(&(0x7f0000000100)='big_key\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000340)="14", 0x1, r7) keyctl$KEYCTL_MOVE(0x1e, r8, r7, r8, 0x0) syz_usb_control_io(r6, &(0x7f0000000200)={0x18, &(0x7f00000000c0)={0x0, 0x0, 0xc, {0xc, 0x0, "6d5bcbc4049b50f2f091"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3.228248495s ago: executing program 4 (id=5811): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000000040)=0x3, 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='net/ip6_mr_vif\x00') read$FUSE(r1, &(0x7f0000000b80)={0x2020}, 0x2020) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x1a, &(0x7f0000000200)={0x2, 'netdevsim0\x00', 0x40000000}, 0x48) syz_emit_ethernet(0xce, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f0000000040), 0x4) setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "77746a315690a576", "07f217bd2e511e465bbbd5de32b495b2f9044677d4d588360663af84db44be59", "9bba8c07", "f37f20e2ff799aae"}, 0x38) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000004900)=@base={0xa, 0xbf, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000002140), &(0x7f00000021c0), 0xb80e, r3}, 0x38) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000001f00)=r3, 0x4) write$binfmt_aout(r2, 0x0, 0xfdef) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000b00)=0x6) poll(&(0x7f0000000b80)=[{r4}], 0x1, 0xffffffff) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000540)={{0x1, 0x0, 0x800, 0x0, 'syz0\x00'}, 0x0, [0xfffffffffffffe00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffff6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, &(0x7f0000000040)={{0x1, 0x1, 0x0, 0x0, 'syz0\x00', 0x80}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0xfffffffffffffff8, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000, 0x0, 0x0, 0x3, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x801]}) close(r2) r5 = signalfd(r2, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) read$FUSE(r5, &(0x7f00000008c0)={0x2020}, 0x2020) mount_setattr(r5, &(0x7f0000000a40)='./file0\x00', 0x8800, &(0x7f0000002bc0)={0x100072, 0xf8, 0x40000, {r1}}, 0x20) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x4030582b, 0x0) syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f0000000180)="0f01c565363e0f01cbba2100ed0fae24a7bad104ecd343000f47b1122a0fc7a800580f23cd", 0x25}], 0x1, 0x24, &(0x7f0000000140)=[@dstype0={0x6, 0xb}], 0x1) syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) 3.091322763s ago: executing program 3 (id=5812): r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af00", 0x14) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000440)='sample_threshold\x00'}, 0x10) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000001000000000030000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0xc, &(0x7f0000000280)=0x2800, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x6, 0x2, 0x0, 0x3654}]}, 0x10) connect$inet(r1, 0x0, 0x0) sendmsg$inet(r1, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) recvmsg(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)}, 0x700) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) getsockname$l2tp6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000240)=0x20) madvise(&(0x7f000036c000/0x1000)=nil, 0x1000, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xe) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r3, 0x0, 0x0) 2.430490596s ago: executing program 3 (id=5813): openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(0xffffffffffffffff, 0x2002) mount$9p_tcp(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22']) 2.394670506s ago: executing program 1 (id=5814): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xc, 0x14, &(0x7f0000000140)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}, @printk={@lu, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x23}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_open_dev$dri(&(0x7f0000000000), 0x76e1, 0x282a40) (async, rerun: 64) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea090000000000009ba56a88ca", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) (rerun: 64) 2.365720745s ago: executing program 2 (id=5815): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="00000700000035da084f"], 0x0, 0x0, 0x0, 0x0}) syz_usb_connect$cdc_ncm(0x2, 0x115, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x103, 0x2, 0x1, 0x0, 0xb0, 0x2, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "56a1cc9261"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x7, 0xfff7, 0xca, 0x93}, {0x6, 0x24, 0x1a, 0x2, 0x24}, [@country_functional={0x6, 0x24, 0x7, 0x8, 0xfffb}, @mbim={0xc, 0x24, 0x1b, 0xa0a, 0x5, 0xc, 0x5, 0x2, 0xf0}, @country_functional={0xc, 0x24, 0x7, 0x7, 0xeb, [0x7, 0x400, 0x3]}, @mdlm_detail={0x78, 0x24, 0x13, 0xd5, "f0e20dc656c0740a96efe74f3be3e91d6f3f2ead75c558727774741be3e0796d3401a58831ea2597e7c3a9810ab7f4f40af0dc279989da1c749960bf6d7ed47e670b171b096e21d669a08bb1fe4cf4c4b9e1711b4ab2c6201429106ffb7320ceb864daddffef5c071a96a87aec1f30695ed17cd5"}, @mbim={0xc, 0x24, 0x1b, 0xfffb, 0xfff9, 0x5, 0x4, 0xfffb, 0x9b}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x8, 0x1, 0x57}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x2, 0x2, 0x6}}, {{0x9, 0x5, 0x3, 0x2, 0x48, 0x8, 0xf, 0xc3}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x8, 0x9, 0x26, 0x20, 0x4}, 0x105, &(0x7f0000000200)={0x5, 0xf, 0x105, 0x3, [@ptm_cap={0x3}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x6, 0x1, 0x800}, @generic={0xf3, 0x10, 0x4, "84bee9d04de93f35147266fa35a66663f736845a603419793115236a9de0a65a8eaf353bda6aa03ca95a007a71fde69e56bbf36e790635696e61b7d3f71d4e845b3cc817de5aef4c400113616cf13514e3e6bcd62108dc1287fea7aff7476488655b055496d7f005c6e63d12f46e51ec8f7d97b1e18b16f28a6effbc0c291aea09253de45ac94c8b0c7b695940512b8e34740cb77583a7e7a2314b85fdcd49688bbe3acade53d4bba2e73a3a61ea1c85f7cee3442b5dd3978c38ff32c869f7cc221126d7868c39649563c2117fbf7fd099c84835413afd9786754c5621ce78ef9ce00aaa85154d6ed9fb85d0a0b2e938"}]}, 0x4, [{0x8b, &(0x7f0000000340)=@string={0x8b, 0x3, "df701418dd8c19b0db33a091a9067ae01d41964641dd65708483410ac91ab4c030f6068cd5e77091258eb69eda1fa2c9a063c6eff76e95e11255c13d6f28a36fdb10286e947f976234a667a80dafe8796ae25c03f73cd348917d0df2da11477fe9710b55af23e9cb0d7de71230da808f0279f75c39c4c7c42057d483d97cd30dfab1ce05b642442c8b"}}, {0x3b, &(0x7f0000000400)=@string={0x3b, 0x3, "ef73c69b8a6b903d0c6e7457bad4f9bd154b5c41e306a4b322fe6743819b2e6456e94a47852d967df6897930510a30283eae03b57eca75d376"}}, {0x12, &(0x7f0000000440)=@string={0x12, 0x3, "990c6bd9ba6c9e654c98bff16ce68190"}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x3401}}]}) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r1, &(0x7f00000077c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x207645a}}, 0x50) syz_fuse_handle_req(r1, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r1, &(0x7f0000002140)="c1b4d74fe267348f0012227ae90adc02753254f7beb1cb78415a82ba4ec36756ef50780ffc6ca55f73f3b2d8e317cc64633074d05a3e043e63a1076e1e26c3e5fb4910561c1e92fd14f6a625bca0cfddf8d0b711b4a953bc146ee200f09250e226be8b9342633b6973ac275bde20947dec6b69779063e6476a98f212db497c6e917336b1b3236f42b5cc956fa39cde1c13588d3867854aaea611818cb131dfd093a4ef16ee9a3feaefec96feb0675fcf13aeeb420d37d358d751dc2612513f4aef4b09cae4e54831eb599e4ca8ed6b97c77c87af36202410f770d627231ec05621ea53171fa69eeb0856f6159001175d6d2ffd276a234fcffbbad681a019f30cf599d466eba4438fae61a275bcfd74bfcbe6080c7b7a9a53323f6d49643a914f0a4dba47b2885ed47d0de71227c12151db80691d4ba91cebe3c4e60ea1f6b15e241da7633db4e3567c28f4b99445fbaec2e0d51729de94c123878b500866d767e478eb45c41b93d14cc4560e9618625af7056ae01566e8ca01c963f01c7cdaf2786a884bf69bd1469eeb70f6f2919560dff0a0de5814762dd73a82fe4af822cda8aaa20a755ad07e054de8669c83939bd940408cd683067695254358fea50ce6dcfd602b22a839bbd2665f38d426a4840216749395450350ca01c642a7d7d2e8a09314d9908ec1b61d505f90417549e783be2186d6a8bb938816867727c2e8b7afd31f25a9c9586538ceabe8f71d6dc398435e7458934e5f771d625ce4a335664c4cbbce7e3a5a1a5e51a74e4f5a01bacb910c8e67c32aec81908e1bc43229e9695711df3f9f8da106be8524b22e7e677c9472081dcf9d481dfb229e3e4ff8bd63992fb87f5e6e95d44602745be5694d993870aaf68f93d42bce7ea5d2fe6f51aa6f14674cbac55bbdb4a14708e8e13e23ed3ae28afad934e8a5598f1cb57690a9f047bdfdeb118a237e5f3e9f19d61a9d60bc57b3c917e4ede84ed8f8ec66b95a64d382f012ec7923bd8122799223f9514675f08f09f0a353c4783b81509536f838c828b60588b91c5f706adf86f4e6402dcc7c5edb3c67c89edd10c12146dc8b72d50f211593ab7f1e1436df8691fb659b152d5d7c222fb714f4be3a36685c0ea20d4259a0c43ab8156a0a4a4f3afde2d4fcf2efa24a528b3479cb6d0fb122a41fa82b3406ae324277a61f1cdc8f9618677e7c028e6f885bdd3f253ea63a740150fa5eac615f4ba9c071df9cb30fc4a36ca5aa321ab2a0d4418f66afec35749a54802232556411e212e1a666f34f4bd2148d601169a6a820a4c2433db947065bca5178976d51565ddc5feed4186439707f08719c92ad3512afce68a57680ba9289a58173469a63a943f7e4f15b475ebec545e8e8d8dded4286ae9d9e54859c63d9916c8b604f8e8ec4bb6bcd17b075269817213c2d325ff39f5eba6201539d91e33842d62f5a42b4b005799455bc201cccffac93278b28d0c27713dcec6c6df9c6c638d59638f496164dc9e5debb6a738335a3885df18f3b7f5812e21c37db90f7ad8c80b15968a2eac4bb41b7f734e1c6a57ed4f0993649c9efcde105943f69388c28455bf4a75707c63743ab69d3b75fc552f1fbc0d6690c1c5582d1195b115e3b24e48d3410f27c90dec1b0a70005a7e2e8e55d42e5a2712da6d88fddb9a2e4f3cdff9e0aac66a5c97572bc20c39aced36e4835b66f517f7a9e3dcdd5c7d29f3788cf0a27817c1423294d0ec41af303339c10061bc53228e8c9e260adf1ced32d91a2ae349ba1e4cdb6858092a88a9ebc1b6664953734e853d82144a85a656e56140c4eb756dd53defdd3381cf1fe4d3aeb0bed14472b0289fe66fa0e1685f04fefbf7fa0aee651e5f1a500e5beb36eb65541c5398bb90f52cf197a14b3a33cabeca910160eeeabea3799d70278095c730c68bd18220680fa86dc879382a6b6d5c794689b18555e00cf547200f9da7f65eaa4688babbc4cc5006eab087875c5a21ff3b63679ebd41666a4bdcefc300d512bc62fe0bf446b47feee72d24b20add317ee9490855d489049826725f6202160f65c6f266689a6cb071bac302214942c80cfa7805f2fc25e16514c917934784a6aa281aafcc30b7bd21582825f6f732566f27418fed714ce4fbc32ab7f055b343efb4856543f64270b6fcd86ee73db175389b8baf21494d628f0857d18d96ddff2a7ba84ca05abbb837454f3af7aa4cead32a651be8b22e77b59ad59cddbcad838c89c6de23594ef83452b9c499745da42b69154c850747a1fe6caef3b4cba5de819db700aae4d664c39ec74935b419e4a3cc200cdd20cf98fdb98a7b04fa66369ee20916cdbcd71dcbbc1e0f9c0a1b73b80dd5d21c10915aadf29167cfbab692b7ce54671f943e7f982dc985ef3de9ad1dc209783aa092788b5e5a6b311c62ca80787cbd94e4d16714e16a78f2eac49a65150177d6d4fdd0eb38580e882dae71e7c907dea6b4b17e0e76aa8a2d86f9c2ff7d7929d7854e93c82bc838707515b0bc3355aba6f05baa6de9aeb4e63f92933dc05f5bdf909d999c7909120bd46495f883f270c718e3214f5c64d50b810f5affcce3b00de29d50991386fe6b2ae40dfb44e6c84e674ecc9db069f27a1085b7be6fc370fc7034b7504d8d326e7546141a74bc888b0a34d9b638e2555aaa2cf6a37d1324e5e8c4a398555de72e1952daa38510a2bcf5c0a5f8aeaaf2ca09e9522e98ece77bec0be17dca07f946876f7f900ba68163014d82f25f4dcb9b8a797123b93f3351de37b80d08554a1bb67eb028ef4429d03a490031049684d6ae78dc110a3a020374e1c6ae44f10810f9496ee0edcfbd3ca33504bbabcfdf5ad24f9dbd5b20968bf82b2bc9eb667d9af299a635ed796d609bf52d7af5508a335da684a9f53bab703ff4e3d0e04900b70c4ef85a3036c7f63c511f546f7b2a5b5e9c61906099e56ced0a58360874081c8037a9831a7caff0c5afbeb8b1397de5ad7143354cc4c4498b4c3a8fb8786a583d54757c43c507774ee0eba428ac64701fea8eafa623ddc1d87cc3d21e1a7fec289957624bb9b38f91a0fbe8d78055916b0435f508a0f954eb7d7640ce3b88af779d65ebe5671040cad44044278e917da43b9ad8a5482b98bab33bef915302973158fb1eeac9ea182832fb56d4418b0e35ab227c58ec115aafc346b9bb8fab7f3ce507ce1a10f7beda82bd72bc549d023c7cf17cb6bfdbddcdfde3074d038f8a0174f75c01b2303aca67b349936145bb84afa7683f55a40e0304807bd56091a6a628270d16a2c080519719d54b693beb8b96a40d5ba81dace41d3c47ac6df34809d0842a983f40aa2e6b18dee092918f06532726fc3444353f6967ea80f9b9e2fb6e3d868af87bb49535ba242e7d5ea9eac09235db9fa4a814d88d54bd3ab838d4b5d3129216eaf6b509bc1046e31600fb839914560bc7a61cf23a1f6fd5fb707578ff7adbc0ef50a3a81b36bac0b599353f4bd5af6663807572248dc159fd16b3b8560f953dd335dd846974d1f6adacb4380c68220fafc2eccbdb50b4bb7f9451004eb78cfba9171b45cbe564ae59b5689f0390baf19cd3cacc00778ab5ab2471ac0cfd134822ed1b50e03255189f19f38298b09b45041e628274bbaeed8d0c2a34c896bc6935de57034585025a37301f8239313728b6457218455ed6537a3534fa8791cd08d4b0d1f8c8e8177bc8d597978def5b3ecb48c54a34f4356e3d9428bc9904a069a4e03a5cd46d3b0b3d1799800832b22678abb98906aa6d3f246ae8d31ac27c9385e0f9243cfcdfe79616d5465643bc8783d7f11d4fc4945effa638a516b39105fc8d45dbaafb58edbb98f1c8be4c4fa01a7aacde37d3af1518e2edaaab8faaa6eda27151265d3a25da1d014257fc33630fbba29166879f51d2d6461b9a4811e58f4163d8a4a2e10a4cdaa8870557588650848481969a10ed5dc142de7af907cb3257b81b0028061c234f500c84b2454ed0dd905740818557afd072fe91738a756d2c416dd948fd29ebc2a75ca11182ddb3d5a19dccf104bdd97425274043523ed790d82f9b01b36355a6a226674e41a8d6a2bec50015eb9705da5a9ef39fa19b7985a07893c8558b19b233d014d86a5467a7e4bad8b9cdccb1d33fc08d2ed582b6ca42c36e4203a92aaff18ce0766a9a3079fe357bd96ad33f9fe76970ee72fd21a23309fc306735de06096fdc02e7d53b2be6bdb62be502d0a7072f4f3934bb54afa0670266410dbef3b37fe0772f4f4ef28b0eb5d387e26eaec2e454ea131e69c4b56eb1bd6aa552de69ef2ff043e99bac33ade81488dc7ac253a801e12847e6f42cafb8415ad67692f08ea42a6f7b5bb7c9eca8c1820332e6f7b61c19f02874ae6209cc1278330464187f56c3832a4849f81cbe9df47cce4cc2f6043e1d2bf4cf2b6d8321af5e63321328c7fb44ef02a25cd8a715b75e87d752af238a867485f1f39ef7552e8aa1095ce34f8ed4b5a9dc18253432a5e29743e70c66d1319022cebb2a3feb04050cc1656901c4479bc838d2882234958dde5f9a891ead7f4f5b1272b71d835523b8c7277558cc2d3e35f6fc680e219e94ca06b292747c6c9cc56588cb2af137121a7a371f51f16fbd570e28a7117f956568a7d6ce426d1aa5204826b80b85cb2df943f51928017196f65ae1f523460c6a5b9b737092b0f64066e177de99410234757c8b01e4418132c293c26473675663b9543d9c1e4ec14d1ddd08e039d2f75c1034294fa24f8d0fe4274fd8816b645b094a7fa2b778a9126bac229ccf9f98415776d3d84d6cc46da08950b1f7a40f0d1fa6009e21cfc68736babd6d00ad21ea9de7e3d76178c96752164934108cbcde6b13f7ee66ca0441d1fb49e16e316c91a53e90982de9bee575d46c782b3498dd7921f8a5ac53f32f3ca0587d89d5a7fb348085f1c7605655e209d772cd092a5b0e03661b14fa5796c3e67f903063bca8470dd6d76adec0d444ba105174e8cde8f55a4ab44e37842677a9c186f91518b0056a24b744acf74b2f1e7da2916658fabde0ad7607ab0e93492964de258a7bea6054fb5f738a96216c5d9f2e0a8e43e2db7c9bca4b28fcd5d262fad4cab47515677cd41e133d8e104fa8ebbec3b1c5660ae3187e39c56de6c499860185fc10c7296329afa30b5234beaf5a1ab1487c1303ab1ed5b965b4ab51dd2918f3427a85901034a4b8813b223f0097563e82a064c1959e0fe151a14e15b420155688cfc14273935ea1f9f44c9bda18088f62ae3ade7834a4d63b05b3a49141efa9da92fc0f9c5ab0a0e13305d18988ff8341343fd2872fa98c5dd4dc57d598ded7fb93db645af6b5a9f9a00172dc1ba3d2e64643ec2e0a3da89c7ef392ffe4504c78eddaba5ab34c8885d35c5f5a21f3bb9ea2f71faff34364c3fc426da1d59b25e69a01c1e566064234d9449a4591630fc41f45e112f77fcbd0175b96f518ba1f31a06e5d129bfdcbbad653e3fb1a0c445019edbd3e4b167b2de2be586660e7448eefcea9f00c408fab5c6431a69eb94792566c52acd3cc60994bc916268de35bb38ce18f8ead03273aa8773f24319c7059b623e9ddac42f389ce58ff37f0d13925dec098ead5404f6e518575558ca170bad3c90bc2264ad75b0c6ff8be66e7a817a3f5a1a24072119aa8b63cf5533983a8e7b292102a7c70677869c08ef689acb52bd227b66e912255b526f29109b96b94c9feff6c395d7fbe3b81fccccd79d54f77fb828cb638276771e4c80f780f84d556670ca3006f908bb50ffcb7c7abc96399d77795a1bab3bb29de5c352492a45041981528007af0a9dbad3b09d5c1d6bc6c6643c7ea524e8cb46c05b7568da2ed1aa5b8a7c6da355fd15dfdb58213216d102f57e1f58fc3727911ccd608f25d9d899daf576613eb9e4ea58da674c443c37cb6c15dfc574706cab816b5548871afa6586e2b58f82c14107aea39f90c50f57f1d90bdebcf80719a0df1eaf6b492fe9bd9a3b1691f05bd45262efb57129d81820d3c3561c956398fcb0f42d92820142aa790c08809e7c6360a93661e468bfe3e77c2d6c4e2fdbb89a76a67e5250c5d19ed67b5b64ff2c393caeb12b650422b561c7282baeb5773fac75c04c54cec838a4663c7219c733d1b267609ef11ea27c165f35753a150c381869975b74afd0d936c6ea73f2e08988771b3f513fc8e382ba5f30bddba74a0ab5e8946adb8a81d0058845df592febd70575bea07930680b7c4f07be45f6008ac30a82fa94da1d4642fcf4b355a43bfc4d6b392713ed8f7af5b83155da848c4d2d8eb2f19748863196dd9b8cdb8376e5251ad2f7f73ba120df37afa1924a302780475f4464d6c6ad33c5bebd466fd733ff27462d23b4372bd35d9a001e8ba621186dcbdb4aea4f3fdd4ba1001d25291f2a5f19d3624ebbd05ba364dc3af44903d752ed5028ea0322218557f29b86ccc0488ef5b391e5aeb2da2d84cf605be5449191077c4271b25f461dea8dd923663d3e385c2ec6d6480892bf8b44933271bf3582bc94362cad1da63762dd3d418c93d52158fff63f018dfbb22cd486173bdcf8a12bdae7f9158371b023c595d68a022a81b56c082f8201892d54a961cfa70924856d3f98c785cf7b47800db74db1518a8f86fdb62a13babdbc570f5f9156d8e111bd835158f2a9fb48383905e4224720dd2c0e0e030e4c96d25b41b1c44ebca680903bd2250d4c7c6ab41c45e74845075b9f81767aa7c9a2b1e416b97e96684fcd87d553fd8dd106c9d4fb3ed76f907af3d4171f87221aabf32a66748d92d5a196b4615a7c4821573d58f45ffc3550b27af27d153841f5fc2d6313eaa3a06da0673e61fcc0ce6c4c164315c0bc3037a6814778a61b8ad233097406223cbc62ee3365eeb1c819f3829ec80be21096d1686be3a1fcf60f9599d4a4b10d19fa260a7ba0aa50bb10a063770e91d3b251788aa9cc91de0aae764b99dcd17a0d153778eacd0a3ad1672667c5a06d7095a1597185235e5e3b439b2fb1bdba22c486caba21eafaac87044a81a83049f0e81acef32063fd4c34daac092b0513e04fefd72fb54807998fd414d4dbb2b5709c9c53326520096b3b30899b8328f91346720c4f8a55345b93c0eac696653abaf57ae4d489f49bc3e3788289371faf80ca259d1f2ce46c60a5b8b9f7477f06e9eb73b7f0748eac9dfc9d285807dfeb3e8f24b59812be5654dbe574babaeaaa82c2d69f94e794611634eba2c9e71662a166de48a4725c9263f55a671dd409912c4c5ce7c20806c83d6c997496e67b02ff2b146d2456bb0c8b0019301af0c63f37d9da43b4002f318ffe6debcde8476eecb8f7e20a91260e03916af5943526b5f4e04b5470d51994e083d9fae6f209339fe254d6dc2e195a8b0b58ead3918efafcae575bec1321e039ad1400fcae7db6612cc4126f1ffb4bf662b84c5d2cf19be96b521959e52251371b915d412985148518a6c1d89fa5b9d0f10aacd01c90df46c497fc9bd5870c5e6f4e7ea61da6c4cb11ce5bf6910d45f3b58d74cac1712494a311467a4c3bf26f6ff14e8b538931cb37a71a3880af60d1aa4819920c2424d287d52b11389335d0fba588269ed0a428192a266d1cbde85fa305f26c9ee2553a11f7583b798a7b19850f065b483a7e1ebe21fd7d76696144858df0b2efdbdaff357cc6e716d4d044cdf5155d7d04b1e3d8477aaaf2612cf25e6aba0111fe072b1cf09e64510acc298d649dfe083c49f1b1433987d5c4cb5cfa775b99aefdec4435b3bd42bfcf16519aa0f1be77429b14f6d461d68cbe719c4a4d78780a405068b3a44ebc3bb1da56a5d903e539fd6ca8ffa3cb0427ef5c229e42f823e196f5a926711846fcfd03f5148d395d8dd7b3a4cc8f521d85d0339363bad027d66697ace5dfc17c598f5a7ace6296a0d0d55174837a41fbc254d5824483c62a3d08f9ce688bd980598a1b9b0234e49dba05376b449325b6666cefc991e66b1f8cd98b99a3fdffb061b780cbd8258e298b4e631f5fae168520e5ea21d13e074edb4f2469927611710c23075ee2ade5f791da1a6923eb15d8a66d28ac2a42b0cf48288773b978db623f547860de0034a118739f6e09659410c0e46dc184f58171089968954d9805418e9d0138f56e0e4214b1fd1858a3d713fdcb5b176acbbae285b77a75ee3a896205be4e7009361b60bf792c096096afe0e249b56bc09a6d380ceef24df45313a01dbbd0e0fc9829eb2d1536d7fdfc4d466057890f4dff60cbec88d361fb277c653f650ae1a763b77fa48cc8c371f74ee177a585bc321abfc2926cbfbdc79dd4271d138bf113a1c4efaf528d117429647825135b0da6af05012d9a4cfc03402efb3d72ca5f180f8c88c650a49c67fef490bda7ab36584cf0509ab0e20631a62863c1125559121fca5ad70c1a5b11acae91216df4b2a7fb3ff11bb6ada13f4ffc4d6bdb3e2451b2684fa0ec51a09ee0e5f81f27b41b65d06cd3846daeb16562a10d9a3cfdf3d18b50caac87b827b74a167cabefe286c5e621fd1deeb032951e8aeee8ce10290c7f2938e6369a52bc69e47cc431b0acdbc4382c5ec7a449f9fefa01eaae7342cf5e99757456e0a3912ddbe864e918ca585731d8e819596c8bba3e0d1676a824af3fbed70d889dca365dfe0823b101542f1fdbc1bff4f57b68bfb4899352fb2b963600f9c0fe15be6092a1fb167a362a340bc5a686a5fbb4838d70617629086f9adf0d92d8e13e198b555eb3cb71052e19e83663ef5dfd8a7c297b4d1f18217999efecc026ec24668173a2ebb7979499dcd9490863d1da82e7ea2c081c3d09f7e68c98faf75221f234640562b95aa5cf0abdd2f4282c85f49e9d9046afa0f38c41f4f9f821e78d0e5f7ce8c2f3855dce32d8d92b19d0f14a9dc9bc229fb34dc434abddb2d83758d31eaaf6315b107a3b6bbd4f72606da954cb98cb24d13c918eac106550a0fe35aeaf8d0fbae55870f83851cfa20eddec2d3c976f698665210e39669a4689e632b10f62ce3cd9718e13ef6a21438f88fd8b04c0bf03c672210b8a4a809b3bebfd551117a096d348bdbbc5036f0de7b24c09127332bfb7e75b32c25df7f2bcbd7cf8b1d1d3d0b80038566ffaaaf91bab423a4007bb9d19d652ad91d068daefb8216e81ca0af3f2a5d4549459b17e2de5a9eb03559abfff4288a83ba1c8f95af0e34fac4b63521b774aafa6eb8dc694434e2433625f42d584b9bdde97469845cdc8edf3922e4eee5bd74cd9314594a803edbfb488dfaad449de70eefc33b138342c02f74c5bde909465f5c0739df96885d997231af7620d9935cceed30cf05eb20e4834b091ea4c8557f75e19e4e9be4eaf9b10519baaf6e24c4183891c7c29c704a37852131b5868ece7f45b63b7343a19c7d09a51b60ae99b9b9319a2087a29dbbaf5e93c8335761efdd0c376df62df35f6540b198b45478b8d195e78e363c856dd37ed5c97a8cfb2b38af435e00c152908b3efdeea476124e8952dd2b881b87579973f10df4f1b2a81cd6d9227cfe533892e36549e45eed06b8a9452717d42a40a7ea451b13a366cbdb401474f9e55a467dc1cacda7b24e7e48eb47e65a8d35cda7a91162bb3dab2d3a615fa35f5425744166ee04e660fd4703bc6f26b81cd6a6e325674964169e3ba493805968212b613ed2455771b998c4b81596e954c8a770dfb287db1bdb2683f89c0c8351ce4a6ace5c4f7418a401299ec581105d04b5c0e17f9138f2f54b17f195db5354d1b11a26c3575b3cea62c2093d20d3bef8c0d3771c6ccacc785240658e38b0376247da653c00d0ec0c704cb0e351316dd978ee58463c6fee4b53fc3dfe90187c14ff69274a756e2fdc9deec1a243abfc63ec7396b812cb85cd5751352b67161417f447a395742d6517126b5cb4d08cd13cd3b45a1cfcc27e603a9966ef9a13924ca4bb67db063089996682f1aabf4030c1b4e5538b0ec65dab47a56df39ad9a11ea0d9de2362f2f01068844a30ef0eaed16b1d90f2162d3f33b6468c9ed4520512bb96dc4cd1673d9ca111f5b12315f876662625f517671ee654833370e2002d89bafab705b6a5235777047d6d0580d02e5d1993e1412e59c618ceccb31ecba09be0a1197f6a3e8d80dc4a07c4c0eed6a791d09efc7130547349bed9430cc76c1c82330516828d946fc5212d965d3eab5846cb156e4ab599417bf63e5f21fd1658c329e371f0dbde130f6c34dfb662b4fc6f36fe488c2af4ae9b0d2477ddc6ff9df0697d4bc3737a1f770082df5bfeb8b1c3a396376db784d706ef678422c6aad49c38f50bb5a116f7290c3f4e7dd04027aa883a3d9480cd74b4af324508b001936230245179a34c6ff9d0f84b2f22f538664a4dcf2157e4a2c8755b13635bfcf21a0df0f63bfa8c1c4a6effd1b5fc262f5353712157f51a94687c620a361d0b52bcd3e7f0b2cf295d64ad7e7b674c8d535762a3c87871e2de84a165cd1064e50592ae8081f6279f570d2c8b2be9d6e87732d3d680b8de551bcc80dd981e29000218d0a2d443f2e9ed4801d4602c5190139d61f59cf19e68bae3cdbd3a19af0ce5b3152764e253699a7b1abbbf6f7f01dc29b4a984aaf3d1193af10200231b346616960a4593b9155770943a555b9cbfb0716775ea069ffbcc6fdc9ebb8f8360f09c28dfa70859b3f523b7c2c8c5809023b2e48f317b93ec7ae3570adf66f9f54f80c1d2af9bc45d5b53864175f0f513fe1708e8372cff60a3b13efc6f51333ae97009efc1fc967f071e253a2b903498c0a6642aedb8ba6ab6a5a15e99e55838daeabb3e8761d18e81275a27115a66eeb048105ef6c7006a6102c2911945085b3e3d358606cb78824b52cee254dbbf4640132390a6af256b459d99bb5f7deee9940e1f10a7e7e66af63db24200be16af66283ec5ca3b62d94e707b72b66059eb4b0e4477bc3214f5dfcf613ac2baf9dd5a0f570668833c19826937cdda8b001ae27d332403b33874ad6332b5d2ef09b2c636a5828b85e83c5f1649e7472cb7b941f3768e08779affc0ed9d72ebea3adbb7cba1972a5ca19b3feb5206f4c5ebe9635da656700d49b6fbe72836b1321be654867f0a5eca8072e86887fe2f3ce08304679444bbba971ed7b4440e486e19f4fe9d16415d79816d75e685b95cf24b0925099b7fd09edfa183c2e4ffcc7a357fe35314f8d3082f56332059af2fc15c0a40f06c71d8aa037064320b1db03c4a30c1787af4b76eb02b5ac0bde245b0c8a1505e1419dc912b31a5b49d6b715ba40e4cf78f40689d028ac3729fcc782db9695c4a103f788954b04debeef6da02edbd42ada21cf02e24f37a71253e4b279fff60088fd8fc90229326aee453a7b163875db653b3ecd21854413e40dad40bff0bcba6e979d67e7fd58460eaaa03a8bccb46b3e9037fa6d055e38eaac79c9af7109ecce316897dc64c064aa7017663c7b80327f72b0163de62e1fce92859cc66720cea80c4ae17efe7e38ca2ed49cbfca1047bdd7e5b4bb6638eb442ff9ddbcf0a81276cbd49a72d76912db95e7eed926ecc0988dceb747b5a94eacdb456c66f84f0a525b49497558ab9c971cf9024e55a114", 0x2000, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="9002000000000000ffffff7f00000000040000000000000000000000000000000400000000000035028fcf0000000000ff0f00000000000000000000000000000000000000000000000000000000000004000000000000002ccc883d0000000000000000000000000000000085000000ff7f00"/124, @ANYRES32, @ANYBLOB='\b\x00'/19], 0x0, 0x0}) chmod(&(0x7f0000000040)='./file0\x00', 0x0) 2.176549867s ago: executing program 3 (id=5816): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)={0x76, 0x0, 0x1, 0x9, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4, 0x4, 0x0, 0x1, [{0x0, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x18, 0xc, 0x0, 0x1, [{0xfffffdc9, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x6d2c}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454c8, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x144000, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r4, &(0x7f0000000440)="6d1e32064a1c1b56ac979b017d5fb42c13bf4a0944ff24740c5c9dc7eb4c55a1cd8c6b2f2f49191e3864a08758ae36801c50cc5282613a8c55ee6dd588648bfc367aff70ad07e32ac84ff056e50e5cd53054edcde0d6ac150983c32f72e8bba1761e8ce0cb082db2d230b00e7465cbe29a0274e25910b7a6036dbda23f851320ebb0c2dc48698eb5d726f97b1c361e6397116a7a9d1c46b65e551adda98e73ac36d8b4e7ff6e7a8161c8768dc3a4b160b475d5963d911614c49232e04ca8ef", 0x20000000}, 0x20) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f0000000000)={r4, &(0x7f0000000180), 0x0}, 0x20) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r9, r6, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)=ANY=[], 0x0) 1.840291181s ago: executing program 1 (id=5817): socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x110b}) ioctl$BINDER_THREAD_EXIT(r6, 0x40046208, 0x0) r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r7, 0x851, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00B\x00', "006e34e400"}, 0x28) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r5, 0x6, 0x16, &(0x7f0000000040), 0x4) bind$bt_sco(r4, 0x0, 0x0) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r9 = epoll_create(0xcf1) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000080)) ioctl$SNDCTL_DSP_GETISPACE(r8, 0x8010500d, &(0x7f00000001c0)) 947.118596ms ago: executing program 1 (id=5818): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80dc5521, &(0x7f0000002300)=""/4115) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) 724.314576ms ago: executing program 4 (id=5819): sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f70002800500010000000000300003801700018014000300fc000000000000000000000011000000140004"], 0x58}}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @private}}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x4}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000006"], 0x24d8}], 0x1}, 0x0) 587.014349ms ago: executing program 3 (id=5820): r0 = syz_clone(0x0, 0x0, 0x9, 0x0, 0x0, 0x0) ptrace(0x10, r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) pipe2$watch_queue(&(0x7f0000000000), 0x80) pipe2$watch_queue(&(0x7f0000000040), 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x4e21, 0x81, @empty, 0x5}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000001300)={r5, 0x0, 0x0, 0x0, 0x5}, &(0x7f00000000c0)=0x18) 44.38402ms ago: executing program 3 (id=5821): openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=@ipmr_getroute={0x1c, 0x1a, 0x200, 0x70bd27, 0x25dfdbfd, {0x80, 0x10, 0x8ab42ac0f8bd3a83, 0x5a, 0xfe, 0x4, 0x0, 0x3, 0x1800}, ["", ""]}, 0x1c}}, 0x0) 0s ago: executing program 3 (id=5822): bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000000)={0x3}, 0x8) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x2a) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0)='ufs\x00', 0x8403, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x2000, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) r0 = socket(0x848000000015, 0x805, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x21, 0x0, 0x9, 0x0, 0x4c, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_open_dev$swradio(&(0x7f0000000080), 0x1, 0x2) unshare(0xa000600) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r1}, 0x10) syz_io_uring_setup(0x7cfc, &(0x7f0000000080)={0x0, 0x4, 0x1046, 0x20}, 0x0, 0x0) kernel console output (not intermixed with test programs): mmand tx timeout [ 1887.969094][T27216] FAULT_INJECTION: forcing a failure. [ 1887.969094][T27216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1887.982454][T27216] CPU: 0 UID: 0 PID: 27216 Comm: syz.4.5594 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1887.992917][T27216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1888.002995][T27216] Call Trace: [ 1888.006304][T27216] [ 1888.009267][T27216] dump_stack_lvl+0x241/0x360 [ 1888.013955][T27216] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1888.019260][T27216] ? __pfx__printk+0x10/0x10 [ 1888.023887][T27216] ? __pfx_lock_release+0x10/0x10 [ 1888.028915][T27216] ? validate_chain+0x11e/0x5920 [ 1888.033857][T27216] ? validate_chain+0x11e/0x5920 [ 1888.038807][T27216] should_fail_ex+0x3b0/0x4e0 [ 1888.043547][T27216] _copy_from_user+0x2f/0xe0 [ 1888.048176][T27216] do_sys_poll+0x249/0x1600 [ 1888.052732][T27216] ? __pfx_validate_chain+0x10/0x10 [ 1888.057970][T27216] ? _parse_integer_limit+0x1b5/0x200 [ 1888.063377][T27216] ? __pfx_do_sys_poll+0x10/0x10 [ 1888.068340][T27216] ? mark_lock+0x9a/0x360 [ 1888.072763][T27216] ? __lock_acquire+0x1384/0x2050 [ 1888.077834][T27216] ? __pfx___might_resched+0x10/0x10 [ 1888.083120][T27216] ? __might_fault+0xaa/0x120 [ 1888.087829][T27216] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1888.093835][T27216] ? __pfx_set_user_sigmask+0x10/0x10 [ 1888.099215][T27216] __se_sys_ppoll+0x2a0/0x330 [ 1888.103902][T27216] ? __pfx___se_sys_ppoll+0x10/0x10 [ 1888.109112][T27216] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1888.115444][T27216] ? do_syscall_64+0x100/0x230 [ 1888.120218][T27216] ? __x64_sys_ppoll+0x20/0xc0 [ 1888.124986][T27216] do_syscall_64+0xf3/0x230 [ 1888.129499][T27216] ? clear_bhb_loop+0x35/0x90 [ 1888.134182][T27216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1888.140079][T27216] RIP: 0033:0x7ff402b7def9 [ 1888.144494][T27216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1888.164101][T27216] RSP: 002b:00007ff4039b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 1888.172517][T27216] RAX: ffffffffffffffda RBX: 00007ff402d36058 RCX: 00007ff402b7def9 [ 1888.180483][T27216] RDX: 0000000020000140 RSI: 0000000000000001 RDI: 0000000020000040 [ 1888.188456][T27216] RBP: 00007ff4039b6090 R08: 0000000000000000 R09: 0000000000000000 [ 1888.196440][T27216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1888.204413][T27216] R13: 0000000000000000 R14: 00007ff402d36058 R15: 00007ffcac514048 [ 1888.212397][T27216] [ 1888.260769][ T29] audit: type=1400 audit(1726833002.902:1461): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=27209 comm="syz.3.5595" [ 1888.278486][T27217] netlink: 44 bytes leftover after parsing attributes in process `syz.3.5595'. [ 1888.287466][T27217] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5595'. [ 1889.445675][T27227] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5597'. [ 1889.792254][T27093] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1889.829322][T27093] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1889.849506][T27093] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1889.869968][T27093] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1890.052355][T27093] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1890.079508][T27093] 8021q: adding VLAN 0 to HW filter on device team0 [ 1890.090990][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 1890.091063][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1890.103479][ T62] bridge0: port 2(bridge_slave_1) entered blocking state [ 1890.103556][ T62] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1890.562167][T27093] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1890.588079][T22906] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1890.644239][T27263] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1890.655268][T27093] veth0_vlan: entered promiscuous mode [ 1890.669847][T27093] veth1_vlan: entered promiscuous mode [ 1890.730594][T27093] veth0_macvtap: entered promiscuous mode [ 1890.737617][T27093] veth1_macvtap: entered promiscuous mode [ 1890.738511][T22906] usb 5-1: Using ep0 maxpacket: 8 [ 1890.740640][T22906] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1890.740672][T22906] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1890.740701][T22906] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1890.740746][T22906] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1890.740785][T22906] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1890.740811][T22906] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1890.780638][T27093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1890.780677][T27093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1890.780691][T27093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1890.780707][T27093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1890.781977][T27093] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1890.795223][T27093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1890.795251][T27093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1890.795268][T27093] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1890.795285][T27093] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1890.800229][T27093] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1890.816184][T27093] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.816227][T27093] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.816289][T27093] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.816324][T27093] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1890.950711][T22906] usb 5-1: GET_CAPABILITIES returned 0 [ 1890.950754][T22906] usbtmc 5-1:16.0: can't read capabilities [ 1891.049708][T26611] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1891.049737][T26611] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1891.103872][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1891.103896][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1891.172539][T18839] usb 5-1: USB disconnect, device number 57 [ 1892.518881][ T9763] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 1892.688643][ T9763] usb 3-1: Using ep0 maxpacket: 16 [ 1892.697314][ T9763] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1892.706884][ T9763] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1892.718547][ T9763] usb 3-1: Product: syz [ 1892.723001][ T9763] usb 3-1: Manufacturer: syz [ 1892.728197][ T9763] usb 3-1: SerialNumber: syz [ 1892.755965][ T9763] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1892.763921][ T9763] r8152-cfgselector 3-1: config 0 descriptor?? [ 1893.812270][T22906] r8152-cfgselector 3-1: USB disconnect, device number 62 [ 1893.941690][T27305] FAULT_INJECTION: forcing a failure. [ 1893.941690][T27305] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1893.955506][T27305] CPU: 0 UID: 0 PID: 27305 Comm: syz.1.5608 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1893.965955][T27305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1893.976019][T27305] Call Trace: [ 1893.979303][T27305] [ 1893.982238][T27305] dump_stack_lvl+0x241/0x360 [ 1893.986933][T27305] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1893.992139][T27305] ? __pfx__printk+0x10/0x10 [ 1893.996741][T27305] ? snprintf+0xda/0x120 [ 1894.000986][T27305] should_fail_ex+0x3b0/0x4e0 [ 1894.005675][T27305] _copy_to_user+0x2f/0xb0 [ 1894.010117][T27305] simple_read_from_buffer+0xca/0x150 [ 1894.015505][T27305] proc_fail_nth_read+0x1e9/0x250 [ 1894.020569][T27305] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1894.026128][T27305] ? rw_verify_area+0x568/0x6f0 [ 1894.030992][T27305] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1894.036546][T27305] vfs_read+0x201/0xbc0 [ 1894.040708][T27305] ? __pfx_lock_release+0x10/0x10 [ 1894.045750][T27305] ? __pfx_vfs_read+0x10/0x10 [ 1894.050443][T27305] ? __fget_files+0x3f3/0x470 [ 1894.055140][T27305] ? __fdget_pos+0x24e/0x320 [ 1894.059731][T27305] ksys_read+0x1a0/0x2c0 [ 1894.063983][T27305] ? __pfx_ksys_read+0x10/0x10 [ 1894.068752][T27305] ? do_syscall_64+0x100/0x230 [ 1894.073613][T27305] ? do_syscall_64+0xb6/0x230 [ 1894.078293][T27305] do_syscall_64+0xf3/0x230 [ 1894.082801][T27305] ? clear_bhb_loop+0x35/0x90 [ 1894.087488][T27305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1894.093384][T27305] RIP: 0033:0x7f12f4b7c93c [ 1894.097799][T27305] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1894.117406][T27305] RSP: 002b:00007f12f592c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1894.125826][T27305] RAX: ffffffffffffffda RBX: 00007f12f4d35f80 RCX: 00007f12f4b7c93c [ 1894.133808][T27305] RDX: 000000000000000f RSI: 00007f12f592c0a0 RDI: 0000000000000004 [ 1894.141781][T27305] RBP: 00007f12f592c090 R08: 0000000000000000 R09: 0000000000000000 [ 1894.149757][T27305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1894.157743][T27305] R13: 0000000000000000 R14: 00007f12f4d35f80 R15: 00007ffd3b00dd98 [ 1894.165746][T27305] [ 1895.817700][ T5309] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 1896.577730][ T5309] usb 3-1: Using ep0 maxpacket: 8 [ 1896.584812][ T5309] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1896.597401][ T5309] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1896.630892][ T5309] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1896.642009][ T5309] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1896.659224][ T5309] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1896.668862][ T5309] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1896.907904][ T5309] usb 3-1: GET_CAPABILITIES returned 0 [ 1896.913445][ T5309] usbtmc 3-1:16.0: can't read capabilities [ 1897.008336][T26623] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1897.058188][T11067] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1897.108894][T22906] usb 3-1: USB disconnect, device number 63 [ 1897.198778][T26623] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1897.217714][T11067] usb 5-1: Using ep0 maxpacket: 32 [ 1897.224437][T11067] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1897.236857][T11067] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1897.246519][T11067] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1897.255484][T11067] usb 5-1: Product: syz [ 1897.260378][T11067] usb 5-1: Manufacturer: syz [ 1897.265776][T11067] usb 5-1: SerialNumber: syz [ 1897.276287][T11067] usb 5-1: config 0 descriptor?? [ 1897.285749][T27334] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 1897.300982][T26623] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1897.382305][T26623] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1897.490265][T26623] bridge_slave_1: left allmulticast mode [ 1897.498284][T26623] bridge_slave_1: left promiscuous mode [ 1897.504021][T26623] bridge0: port 2(bridge_slave_1) entered disabled state [ 1897.515610][T26623] bridge_slave_0: left allmulticast mode [ 1897.522022][T26623] bridge_slave_0: left promiscuous mode [ 1897.527883][T26623] bridge0: port 1(bridge_slave_0) entered disabled state [ 1897.969641][T26623] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1897.983032][T26623] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1897.994970][T26623] bond0 (unregistering): Released all slaves [ 1898.011920][T27334] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5617'. [ 1898.398963][ T5290] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1898.467792][ T9763] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 1898.618908][ T5290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1898.648533][ T5290] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1898.658514][ T9763] usb 3-1: Using ep0 maxpacket: 8 [ 1898.676073][ T9763] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1898.700936][ T5290] usb 2-1: New USB device found, idVendor=05ac, idProduct=027c, bcdDevice= 0.00 [ 1898.712481][ T9763] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1898.737547][ T5290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1898.751926][ T9763] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1898.785698][ T5290] usb 2-1: config 0 descriptor?? [ 1898.800729][ T9763] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1898.856524][ T9763] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1898.891803][ T9763] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1898.924801][T26623] hsr_slave_0: left promiscuous mode [ 1898.946321][T26623] hsr_slave_1: left promiscuous mode [ 1898.977774][T26623] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1899.025527][T26623] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1899.065239][T26623] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1899.074467][T22927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1899.088224][T22927] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1899.097743][T22927] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1899.111481][T22927] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1899.122954][T22927] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1899.130941][T26623] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1899.138821][T22927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1899.195836][ T9763] usb 3-1: GET_CAPABILITIES returned 0 [ 1899.206197][ T9763] usbtmc 3-1:16.0: can't read capabilities [ 1899.266886][ T5290] apple 0003:05AC:027C.00FD: unknown main item tag 0x4 [ 1899.303335][T26623] veth1_macvtap: left promiscuous mode [ 1899.309754][ T5290] apple 0003:05AC:027C.00FD: hidraw0: USB HID vff.ff Device [HID 05ac:027c] on usb-dummy_hcd.1-1/input0 [ 1899.327942][T26623] veth0_macvtap: left promiscuous mode [ 1899.333569][T26623] veth1_vlan: left promiscuous mode [ 1899.366701][T26623] veth0_vlan: left promiscuous mode [ 1899.446303][ T5290] usb 3-1: USB disconnect, device number 64 [ 1899.558146][T27341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1899.573005][T27341] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1899.876246][T11067] usb 5-1: USB disconnect, device number 58 [ 1899.897430][ T29] audit: type=1400 audit(1726833014.532:1462): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=27340 comm="syz.1.5618" dest=20003 [ 1900.821549][T27371] netlink: 236 bytes leftover after parsing attributes in process `syz.4.5623'. [ 1900.830713][T27371] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5623'. [ 1900.840355][T27371] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5623'. [ 1901.300343][T22927] Bluetooth: hci0: command tx timeout [ 1901.318216][ T9] usb 2-1: USB disconnect, device number 92 [ 1903.237785][T26623] team0 (unregistering): Port device team_slave_1 removed [ 1903.335062][T22927] Bluetooth: hci0: command 0x041b tx timeout [ 1903.346806][T26623] team0 (unregistering): Port device team_slave_0 removed [ 1903.947691][ T9] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 1904.097777][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 1904.131336][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1904.158013][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1904.170740][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1904.182181][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1904.203641][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1904.223937][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1904.456505][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 1904.824665][T22906] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1904.832409][ T9] usbtmc 3-1:16.0: can't read capabilities [ 1904.885931][ T9] usb 3-1: USB disconnect, device number 65 [ 1905.019778][T22906] usb 5-1: Using ep0 maxpacket: 32 [ 1905.047055][T22906] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 1905.083055][T22906] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 1905.092647][T22906] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 1905.104304][T22906] usb 5-1: Product: syz [ 1905.113798][T22906] usb 5-1: Manufacturer: syz [ 1905.120655][T22906] usb 5-1: SerialNumber: syz [ 1905.133314][T22906] usb 5-1: config 0 descriptor?? [ 1905.142626][T27402] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1905.397878][T17645] Bluetooth: hci0: command 0x041b tx timeout [ 1905.420345][ T29] audit: type=1326 audit(1726833020.062:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27406 comm="syz.1.5632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12f4b7def9 code=0x0 [ 1905.540125][T27414] syz.1.5632 (27414): /proc/27408/oom_adj is deprecated, please use /proc/27408/oom_score_adj instead. [ 1905.720399][T27359] chnl_net:caif_netlink_parms(): no params data found [ 1905.781877][T27359] bridge0: port 1(bridge_slave_0) entered blocking state [ 1905.789094][T27359] bridge0: port 1(bridge_slave_0) entered disabled state [ 1905.816700][T27359] bridge_slave_0: entered allmulticast mode [ 1905.827334][T27359] bridge_slave_0: entered promiscuous mode [ 1905.870160][T27402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5631'. [ 1905.918124][T24857] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1905.928142][T27359] bridge0: port 2(bridge_slave_1) entered blocking state [ 1905.935269][T27359] bridge0: port 2(bridge_slave_1) entered disabled state [ 1906.011550][T27359] bridge_slave_1: entered allmulticast mode [ 1906.045788][T27359] bridge_slave_1: entered promiscuous mode [ 1906.108456][T24857] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1906.150984][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.180983][T27359] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1906.214034][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.240528][T27359] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1906.257880][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.290434][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.324109][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.374478][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.385577][T27359] team0: Port device team_slave_0 added [ 1906.403084][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.450352][T27359] team0: Port device team_slave_1 added [ 1906.547464][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.558992][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.584846][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.601183][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.654233][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.665068][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.682509][T27359] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1906.696861][T27359] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1906.722930][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.733837][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.750962][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.785785][T27359] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1906.797881][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.827704][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.840889][T27359] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1906.854064][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1906.866023][T27359] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1906.907170][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1906.964163][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1906.996441][T24857] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1907.017629][T27359] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1907.040171][T24857] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1907.109730][T24857] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1907.155604][T27359] hsr_slave_0: entered promiscuous mode [ 1907.168133][T24857] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1907.178394][T27359] hsr_slave_1: entered promiscuous mode [ 1907.200506][T24857] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1907.216508][T27359] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1907.301483][T27359] Cannot create hsr debugfs directory [ 1907.322691][T24857] usb 3-1: Product: syz [ 1907.349240][T24857] usb 3-1: Manufacturer: syz [ 1907.365187][T24857] usb 3-1: SerialNumber: syz [ 1907.399130][ T9] usb 5-1: USB disconnect, device number 59 [ 1908.279924][T17645] Bluetooth: hci0: command 0x041b tx timeout [ 1908.444332][T24857] usb 3-1: config 0 descriptor?? [ 1908.852337][T24857] usb 3-1: can't set config #0, error -71 [ 1908.867947][T24857] usb 3-1: USB disconnect, device number 66 [ 1910.359119][T17645] Bluetooth: hci0: command 0x041b tx timeout [ 1912.597125][ T35] tipc: Subscription rejected, illegal request [ 1913.315952][ T29] audit: type=1400 audit(1726833027.942:1464): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=27493 comm="syz.4.5646" dest=20004 [ 1914.186444][T27497] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1914.392981][T27497] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1914.410681][T27497] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1914.892768][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.899966][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1916.537740][T27524] ubi0: attaching mtd0 [ 1916.551908][T27524] ubi0: scanning is finished [ 1916.557194][T27524] ubi0: empty MTD device detected [ 1916.568553][T17645] Bluetooth: hci0: command 0x041b tx timeout [ 1918.609216][T22927] Bluetooth: hci0: command 0x041b tx timeout [ 1918.615277][T27359] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1919.657049][T27359] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1919.750067][T27359] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1919.761512][T27359] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1919.874722][T27524] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1919.887788][T24857] usb 2-1: new full-speed USB device number 93 using dummy_hcd [ 1919.898838][T27524] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1919.915523][T27524] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1919.943589][T27524] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1919.981321][T27524] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1919.988813][T10102] usb 4-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 1920.044786][T27524] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1920.081315][T27524] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4068515001 [ 1920.105064][T10102] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -110 [ 1920.126721][T27359] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1920.147774][T27524] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1920.169718][T10102] usb 4-1: USB disconnect, device number 17 [ 1920.217065][T27535] ubi0: background thread "ubi_bgt0d" started, PID 27535 [ 1920.279985][T27359] 8021q: adding VLAN 0 to HW filter on device team0 [ 1920.350770][T26606] bridge0: port 1(bridge_slave_0) entered blocking state [ 1920.358071][T26606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1920.441750][T26606] bridge0: port 2(bridge_slave_1) entered blocking state [ 1920.448943][T26606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1920.671922][T27552] IPVS: length: 4089 != 8 [ 1920.699200][T22927] Bluetooth: hci0: command 0x041b tx timeout [ 1920.822504][T17645] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1920.840983][T17645] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1920.854740][T17645] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1920.872887][T17645] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1920.881050][T17645] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1920.889214][T17645] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1921.088249][T27576] netlink: 'syz.1.5656': attribute type 10 has an invalid length. [ 1921.102154][T27576] netlink: 212412 bytes leftover after parsing attributes in process `syz.1.5656'. [ 1921.132245][T27576] openvswitch: netlink: Flow key attr not present in new flow. [ 1921.280778][ T62] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1921.326135][T27359] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1921.416098][ T62] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1921.561134][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1921.634081][ T62] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1921.944336][ T62] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1922.007418][T27359] veth0_vlan: entered promiscuous mode [ 1922.042026][T27359] veth1_vlan: entered promiscuous mode [ 1922.106050][T27556] chnl_net:caif_netlink_parms(): no params data found [ 1922.173111][T27359] veth0_macvtap: entered promiscuous mode [ 1922.197825][T24857] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1922.236942][ T62] bridge_slave_1: left allmulticast mode [ 1922.252184][ T62] bridge_slave_1: left promiscuous mode [ 1922.272020][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1922.298303][ T62] bridge_slave_0: left allmulticast mode [ 1922.305433][ T62] bridge_slave_0: left promiscuous mode [ 1922.313401][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1922.369213][T24857] usb 2-1: Using ep0 maxpacket: 8 [ 1922.391425][T24857] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1922.410080][T24857] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1922.448271][T24857] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1922.488472][T24857] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1922.531707][T24857] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1922.606442][T24857] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1922.825523][T24857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1922.919188][T17645] Bluetooth: hci2: command tx timeout [ 1923.396066][T24857] usb 2-1: GET_CAPABILITIES returned 0 [ 1923.484623][T24857] usbtmc 2-1:16.0: can't read capabilities [ 1923.601051][ T29] audit: type=1326 audit(1726833038.232:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27611 comm="syz.1.5661" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12f4b7def9 code=0x0 [ 1924.176338][T10102] usb 2-1: USB disconnect, device number 94 [ 1924.777306][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1924.789057][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1924.800174][ T62] bond0 (unregistering): Released all slaves [ 1924.956386][ T62] bond1 (unregistering): Released all slaves [ 1924.967794][T27359] veth1_macvtap: entered promiscuous mode [ 1924.983231][T27650] netlink: 'syz.1.5666': attribute type 3 has an invalid length. [ 1924.994150][T27650] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.5666'. [ 1925.005725][T17645] Bluetooth: hci2: command tx timeout [ 1925.014278][T27651] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5667'. [ 1925.206517][T27556] bridge0: port 1(bridge_slave_0) entered blocking state [ 1925.238046][T27556] bridge0: port 1(bridge_slave_0) entered disabled state [ 1925.262519][T27659] FAULT_INJECTION: forcing a failure. [ 1925.262519][T27659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1925.264331][T27556] bridge_slave_0: entered allmulticast mode [ 1925.287086][T27659] CPU: 1 UID: 0 PID: 27659 Comm: syz.1.5669 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1925.297526][T27659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1925.307592][T27659] Call Trace: [ 1925.310875][T27659] [ 1925.313799][T27659] dump_stack_lvl+0x241/0x360 [ 1925.318481][T27659] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1925.323680][T27659] ? __pfx__printk+0x10/0x10 [ 1925.328276][T27659] ? __pfx_lock_release+0x10/0x10 [ 1925.333298][T27659] ? fcntl_getlk+0x69e/0xb20 [ 1925.337883][T27659] should_fail_ex+0x3b0/0x4e0 [ 1925.342569][T27659] _copy_to_user+0x2f/0xb0 [ 1925.347017][T27659] do_fcntl+0xdeb/0x1a60 [ 1925.351293][T27659] ? smack_file_fcntl+0x14e/0x360 [ 1925.356324][T27659] ? __pfx_do_fcntl+0x10/0x10 [ 1925.361021][T27659] ? __pfx_smack_file_fcntl+0x10/0x10 [ 1925.366405][T27659] ? tomoyo_file_fcntl+0x7d/0x200 [ 1925.371468][T27659] __se_sys_fcntl+0xd2/0x1e0 [ 1925.376069][T27659] do_syscall_64+0xf3/0x230 [ 1925.380595][T27659] ? clear_bhb_loop+0x35/0x90 [ 1925.385297][T27659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1925.391198][T27659] RIP: 0033:0x7f12f4b7def9 [ 1925.395711][T27659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1925.415353][T27659] RSP: 002b:00007f12f592c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 1925.416498][T27556] bridge_slave_0: entered promiscuous mode [ 1925.423784][T27659] RAX: ffffffffffffffda RBX: 00007f12f4d35f80 RCX: 00007f12f4b7def9 [ 1925.423804][T27659] RDX: 0000000020000140 RSI: 0000000000000024 RDI: 0000000000000003 [ 1925.423818][T27659] RBP: 00007f12f592c090 R08: 0000000000000000 R09: 0000000000000000 [ 1925.423832][T27659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1925.423845][T27659] R13: 0000000000000000 R14: 00007f12f4d35f80 R15: 00007ffd3b00dd98 [ 1925.423873][T27659] [ 1925.554538][T27359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1925.582598][T27359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1925.637854][T27359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1925.667805][T27359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1925.692831][T27359] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1925.731464][T27556] bridge0: port 2(bridge_slave_1) entered blocking state [ 1925.744961][T27556] bridge0: port 2(bridge_slave_1) entered disabled state [ 1925.783853][T27556] bridge_slave_1: entered allmulticast mode [ 1925.804552][T27556] bridge_slave_1: entered promiscuous mode [ 1926.061958][T27658] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1926.128571][T27658] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1926.135357][T27658] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1926.163762][T27556] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1926.178510][T27359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1926.200361][T27359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1926.221696][T27359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1926.235702][T27359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1926.277140][T27658] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1926.321354][T27359] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1926.396205][T27556] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1926.477466][T27359] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1926.537774][T27359] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1926.547659][ T25] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1926.571167][T27359] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1926.612887][T27359] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1926.749570][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 1926.819377][ T25] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1926.837629][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1926.845855][ T25] usb 2-1: Product: syz [ 1926.871489][ T25] usb 2-1: Manufacturer: syz [ 1926.875089][T27556] team0: Port device team_slave_0 added [ 1926.883997][ T25] usb 2-1: SerialNumber: syz [ 1926.916247][T27556] team0: Port device team_slave_1 added [ 1926.924286][ T25] usb 2-1: config 0 descriptor?? [ 1926.950390][ T25] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1926.979495][ T62] hsr_slave_0: left promiscuous mode [ 1926.998544][ T62] hsr_slave_1: left promiscuous mode [ 1927.007492][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1927.015797][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1927.029849][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1927.037390][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1927.075768][ T62] veth1_macvtap: left promiscuous mode [ 1927.083632][ T62] veth0_macvtap: left promiscuous mode [ 1927.093012][ T62] veth1_vlan: left promiscuous mode [ 1927.100652][ T62] veth0_vlan: left promiscuous mode [ 1927.622161][T27666] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5671'. [ 1927.862093][T17645] Bluetooth: hci0: command 0x041b tx timeout [ 1928.025060][T27691] IPVS: length: 4089 != 8 [ 1928.197833][T17645] Bluetooth: hci2: command 0x0419 tx timeout [ 1928.410103][T27666] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5671'. [ 1928.437523][ T25] gspca_ov534_9: reg_w failed -71 [ 1928.624820][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1928.731680][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1928.757969][ T25] gspca_ov534_9: Unknown sensor 0000 [ 1928.758040][ T25] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 1928.815262][ T25] usb 2-1: USB disconnect, device number 95 [ 1929.199788][T27694] FAULT_INJECTION: forcing a failure. [ 1929.199788][T27694] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1929.213270][T27694] CPU: 0 UID: 0 PID: 27694 Comm: syz.4.5675 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1929.223712][T27694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1929.233781][T27694] Call Trace: [ 1929.237070][T27694] [ 1929.239995][T27694] dump_stack_lvl+0x241/0x360 [ 1929.244683][T27694] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1929.249908][T27694] ? __pfx__printk+0x10/0x10 [ 1929.254506][T27694] ? __pfx_lock_release+0x10/0x10 [ 1929.259543][T27694] should_fail_ex+0x3b0/0x4e0 [ 1929.264226][T27694] _copy_from_iter+0x1ed/0x1d60 [ 1929.269094][T27694] ? __virt_addr_valid+0x183/0x530 [ 1929.274205][T27694] ? __pfx_lock_release+0x10/0x10 [ 1929.279273][T27694] ? __alloc_skb+0x28f/0x440 [ 1929.283875][T27694] ? __pfx__copy_from_iter+0x10/0x10 [ 1929.289190][T27694] ? __virt_addr_valid+0x183/0x530 [ 1929.294293][T27694] ? __virt_addr_valid+0x183/0x530 [ 1929.299399][T27694] ? __virt_addr_valid+0x45f/0x530 [ 1929.304512][T27694] ? __check_object_size+0x49c/0x900 [ 1929.309801][T27694] pfkey_sendmsg+0x235/0x1050 [ 1929.314482][T27694] ? smack_socket_sendmsg+0x178/0x540 [ 1929.319861][T27694] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 1929.324981][T27694] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 1929.330703][T27694] ? tomoyo_socket_sendmsg_permission+0x288/0x420 [ 1929.337123][T27694] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 1929.343885][T27694] ? __might_fault+0xaa/0x120 [ 1929.348556][T27694] ? __pfx_lock_release+0x10/0x10 [ 1929.353584][T27694] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 1929.358689][T27694] __sock_sendmsg+0x221/0x270 [ 1929.363385][T27694] ____sys_sendmsg+0x52a/0x7e0 [ 1929.368186][T27694] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1929.373523][T27694] __sys_sendmsg+0x2aa/0x390 [ 1929.378126][T27694] ? __pfx___sys_sendmsg+0x10/0x10 [ 1929.383251][T27694] ? vfs_write+0x7bf/0xc90 [ 1929.387790][T27694] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1929.394146][T27694] ? do_syscall_64+0x100/0x230 [ 1929.398935][T27694] ? do_syscall_64+0xb6/0x230 [ 1929.403650][T27694] do_syscall_64+0xf3/0x230 [ 1929.408188][T27694] ? clear_bhb_loop+0x35/0x90 [ 1929.412883][T27694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1929.418823][T27694] RIP: 0033:0x7ff402b7def9 [ 1929.423279][T27694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1929.442901][T27694] RSP: 002b:00007ff4039d7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1929.451311][T27694] RAX: ffffffffffffffda RBX: 00007ff402d35f80 RCX: 00007ff402b7def9 [ 1929.459285][T27694] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007 [ 1929.467259][T27694] RBP: 00007ff4039d7090 R08: 0000000000000000 R09: 0000000000000000 [ 1929.475248][T27694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1929.483223][T27694] R13: 0000000000000000 R14: 00007ff402d35f80 R15: 00007ffcac514048 [ 1929.491201][T27694] [ 1930.277641][T17645] Bluetooth: hci2: command 0x0419 tx timeout [ 1930.443278][T27700] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5676'. [ 1930.462550][T27709] tipc: Started in network mode [ 1930.471157][T27709] tipc: Node identity 7f000001, cluster identity 4711 [ 1930.478763][T27709] tipc: New replicast peer: 172.20.20.53 [ 1930.488964][T27709] tipc: Enabled bearer , priority 10 [ 1930.512758][T27556] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1930.539398][T27556] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1930.594163][T27556] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1930.625263][T27701] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5676'. [ 1930.651078][T27702] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5676'. [ 1930.732653][T27556] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1930.741014][T27556] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1930.804271][T27556] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1931.004239][T27556] hsr_slave_0: entered promiscuous mode [ 1931.035197][T27556] hsr_slave_1: entered promiscuous mode [ 1931.066830][T27556] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1931.074831][T27556] Cannot create hsr debugfs directory [ 1931.095326][T27717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5680'. [ 1931.145814][ T2895] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1931.177773][ T2895] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1931.295139][T17582] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1931.315030][T17582] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1931.345091][T27729] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5682'. [ 1931.359675][T27729] Bluetooth: MGMT ver 1.23 [ 1931.596775][T24857] tipc: Node number set to 2130706433 [ 1932.368274][T17645] Bluetooth: hci2: command 0x0419 tx timeout [ 1932.651262][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1932.718594][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1932.829186][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1932.841214][T27556] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1932.852612][T27556] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1932.861933][T27556] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1932.871776][T27556] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1932.902686][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1932.984944][T27556] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1933.031938][T27556] 8021q: adding VLAN 0 to HW filter on device team0 [ 1933.068814][T26606] bridge0: port 1(bridge_slave_0) entered blocking state [ 1933.075946][T26606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1933.085807][T26606] bridge0: port 2(bridge_slave_1) entered blocking state [ 1933.092954][T26606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1933.192354][ T62] bridge_slave_1: left allmulticast mode [ 1933.198679][ T62] bridge_slave_1: left promiscuous mode [ 1933.206899][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1933.223333][ T62] bridge_slave_0: left allmulticast mode [ 1933.229443][ T62] bridge_slave_0: left promiscuous mode [ 1933.235166][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1933.897082][ T5290] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1933.961457][T22927] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1933.981464][T22927] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1933.994795][T22927] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1934.003450][T22927] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1934.003890][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1934.024529][T27789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1934.033390][T22927] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1934.041008][T27789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1934.049522][ T5290] usb 3-1: device descriptor read/64, error -71 [ 1934.056869][T22927] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1934.088432][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1934.106854][ T62] bond0 (unregistering): Released all slaves [ 1934.132788][T27770] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5686'. [ 1934.299009][ T5290] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1934.437949][T22927] Bluetooth: hci2: command 0x0419 tx timeout [ 1934.468737][ T5290] usb 3-1: device descriptor read/64, error -71 [ 1934.573048][T27556] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1934.589159][ T5290] usb usb3-port1: attempt power cycle [ 1934.598197][ T25] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 1934.631154][T27784] chnl_net:caif_netlink_parms(): no params data found [ 1934.663956][ T62] hsr_slave_0: left promiscuous mode [ 1934.672148][ T62] hsr_slave_1: left promiscuous mode [ 1934.687457][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1934.695517][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1934.705312][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1934.716425][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1934.747550][ T62] veth1_macvtap: left promiscuous mode [ 1934.756605][ T62] veth0_macvtap: left promiscuous mode [ 1934.764766][ T62] veth1_vlan: left promiscuous mode [ 1934.774338][ T25] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1934.774427][ T62] veth0_vlan: left promiscuous mode [ 1934.787713][ T25] usb 5-1: can't read configurations, error -61 [ 1934.937694][ T25] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1934.947760][ T5290] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1934.971553][ T5290] usb 3-1: device descriptor read/8, error -71 [ 1935.115191][ T25] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1935.239941][ T5290] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1935.309170][ T25] usb 5-1: can't read configurations, error -61 [ 1935.319015][ T25] usb usb5-port1: attempt power cycle [ 1935.331120][ T5290] usb 3-1: device descriptor read/8, error -71 [ 1935.448490][ T5290] usb usb3-port1: unable to enumerate USB device [ 1935.804987][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1935.832036][ T25] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1935.867148][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1935.892807][ T25] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1935.903934][ T25] usb 5-1: can't read configurations, error -61 [ 1936.047735][ T25] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1936.069836][ T25] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1936.081138][ T25] usb 5-1: can't read configurations, error -61 [ 1936.088400][ T25] usb usb5-port1: unable to enumerate USB device [ 1936.133019][T22927] Bluetooth: hci0: command tx timeout [ 1936.622048][T27556] veth0_vlan: entered promiscuous mode [ 1936.642222][T27784] bridge0: port 1(bridge_slave_0) entered blocking state [ 1936.667776][T27784] bridge0: port 1(bridge_slave_0) entered disabled state [ 1936.682112][T27784] bridge_slave_0: entered allmulticast mode [ 1936.695897][T27784] bridge_slave_0: entered promiscuous mode [ 1936.723054][T27556] veth1_vlan: entered promiscuous mode [ 1937.009959][T27834] UBIFS error (pid: 27834): cannot open "./file0", error -22 [ 1937.487100][T27784] bridge0: port 2(bridge_slave_1) entered blocking state [ 1937.505979][T27838] FAULT_INJECTION: forcing a failure. [ 1937.505979][T27838] name failslab, interval 1, probability 0, space 0, times 0 [ 1937.507590][T27784] bridge0: port 2(bridge_slave_1) entered disabled state [ 1937.519734][T27838] CPU: 0 UID: 0 PID: 27838 Comm: syz.2.5697 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1937.530853][T27784] bridge_slave_1: entered allmulticast mode [ 1937.536033][T27838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1937.543016][T27784] bridge_slave_1: entered promiscuous mode [ 1937.551944][T27838] Call Trace: [ 1937.551956][T27838] [ 1937.551966][T27838] dump_stack_lvl+0x241/0x360 [ 1937.568734][T27838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1937.573975][T27838] ? __pfx__printk+0x10/0x10 [ 1937.578602][T27838] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 1937.584082][T27838] ? __pfx___might_resched+0x10/0x10 [ 1937.589375][T27838] should_fail_ex+0x3b0/0x4e0 [ 1937.594059][T27838] should_failslab+0xac/0x100 [ 1937.598740][T27838] ? alloc_bprm+0x2d6/0xe20 [ 1937.603248][T27838] __kmalloc_cache_noprof+0x6c/0x2c0 [ 1937.608629][T27838] alloc_bprm+0x2d6/0xe20 [ 1937.612971][T27838] ? __might_fault+0xaa/0x120 [ 1937.617679][T27838] ? __pfx_lock_release+0x10/0x10 [ 1937.622741][T27838] ? __pfx_alloc_bprm+0x10/0x10 [ 1937.627605][T27838] ? __virt_addr_valid+0x183/0x530 [ 1937.632737][T27838] ? __phys_addr_symbol+0x2f/0x70 [ 1937.637762][T27838] ? __check_object_size+0x49c/0x900 [ 1937.643064][T27838] do_execveat_common+0x18c/0x6f0 [ 1937.648101][T27838] __x64_sys_execveat+0xc4/0xe0 [ 1937.652959][T27838] do_syscall_64+0xf3/0x230 [ 1937.657479][T27838] ? clear_bhb_loop+0x35/0x90 [ 1937.662183][T27838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1937.668086][T27838] RIP: 0033:0x7feda5b7def9 [ 1937.672516][T27838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1937.692133][T27838] RSP: 002b:00007feda68ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 1937.700555][T27838] RAX: ffffffffffffffda RBX: 00007feda5d35f80 RCX: 00007feda5b7def9 [ 1937.708526][T27838] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 1937.716512][T27838] RBP: 00007feda68ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1937.724484][T27838] R10: 0000000020000640 R11: 0000000000000246 R12: 0000000000000001 [ 1937.732451][T27838] R13: 0000000000000000 R14: 00007feda5d35f80 R15: 00007ffd1d639f98 [ 1937.740433][T27838] [ 1937.791831][T27556] veth0_macvtap: entered promiscuous mode [ 1937.801634][T27556] veth1_macvtap: entered promiscuous mode [ 1937.829971][T27556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1937.840479][T27556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1937.853209][T27556] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1937.862862][T27556] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1937.862883][T27556] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1937.863799][T27556] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1937.867206][T27556] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1937.902178][T27556] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1937.910943][T27556] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1937.919853][T27556] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1937.984894][T13329] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1937.993546][T13329] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1938.033526][T13329] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1938.047859][T13329] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1938.059203][T27784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1938.157351][T27784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1938.198768][T22927] Bluetooth: hci0: command tx timeout [ 1938.251456][T27840] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5699'. [ 1938.260714][T24857] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1938.326198][T27784] team0: Port device team_slave_0 added [ 1938.352347][T27784] team0: Port device team_slave_1 added [ 1938.391859][T27784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1938.400017][T27784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1938.428147][T27784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1938.441060][T24857] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1938.443573][T27868] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5702'. [ 1938.466957][T27868] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1938.469034][T24857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1938.476467][T27868] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1938.496064][T27868] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1938.504905][T27868] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1938.507722][T24857] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1938.526622][T27868] vxlan0: entered promiscuous mode [ 1938.543202][T27784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1938.554378][T24857] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1938.570662][T27784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1938.600554][T24857] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1938.609741][ T25] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1938.617513][T24857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1938.625797][T27784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1938.640648][T24857] usb 5-1: config 0 descriptor?? [ 1938.704476][T27784] hsr_slave_0: entered promiscuous mode [ 1938.711341][T27784] hsr_slave_1: entered promiscuous mode [ 1938.717920][T27784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1938.725508][T27784] Cannot create hsr debugfs directory [ 1938.768137][ T25] usb 3-1: device descriptor read/64, error -71 [ 1939.028430][ T25] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1939.189703][ T9763] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1939.198999][ T25] usb 3-1: device descriptor read/64, error -71 [ 1939.330406][ T25] usb usb3-port1: attempt power cycle [ 1939.345682][T27784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1939.357711][ T9763] usb 2-1: device descriptor read/64, error -71 [ 1939.372623][T27784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1939.383925][T27784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1939.399078][T27784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1939.511326][T27784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1939.542628][T27784] 8021q: adding VLAN 0 to HW filter on device team0 [ 1939.562071][ T62] bridge0: port 1(bridge_slave_0) entered blocking state [ 1939.569232][ T62] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1939.591086][T17582] bridge0: port 2(bridge_slave_1) entered blocking state [ 1939.598323][T17582] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1939.609113][ T9763] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1939.697788][ T25] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 1939.738878][ T25] usb 3-1: device descriptor read/8, error -71 [ 1939.767961][ T9763] usb 2-1: device descriptor read/64, error -71 [ 1939.878862][ T9763] usb usb2-port1: attempt power cycle [ 1939.916758][T27784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1939.988117][ T25] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1940.011130][T27784] veth0_vlan: entered promiscuous mode [ 1940.030824][ T25] usb 3-1: device descriptor read/8, error -71 [ 1940.039833][T27784] veth1_vlan: entered promiscuous mode [ 1940.082473][T27784] veth0_macvtap: entered promiscuous mode [ 1940.102867][T27784] veth1_macvtap: entered promiscuous mode [ 1940.126430][T27784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1940.138113][T27784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1940.148641][ T25] usb usb3-port1: unable to enumerate USB device [ 1940.162615][T27784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1940.176761][T27784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1940.191893][T27784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1940.213305][T27784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1940.226000][T27784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1940.239939][T27784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1940.250726][ T9763] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1940.262436][T27784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1940.276511][T27784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1940.278265][T22927] Bluetooth: hci0: command tx timeout [ 1940.297228][T27784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1940.308897][ T9763] usb 2-1: device descriptor read/8, error -71 [ 1940.315315][T27784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1940.326082][T27784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1940.341831][T27784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1940.484736][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1940.527621][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1940.557854][ T9763] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1940.569783][T26606] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1940.589961][ T9763] usb 2-1: device descriptor read/8, error -71 [ 1940.591547][T26606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1940.656859][T24857] usbhid 5-1:0.0: can't add hid device: -71 [ 1940.669371][T24857] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1940.691493][T24857] usb 5-1: USB disconnect, device number 64 [ 1940.698609][ T9763] usb usb2-port1: unable to enumerate USB device [ 1940.799093][T27934] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5705'. [ 1941.157801][T24857] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1941.320522][T24857] usb 5-1: Using ep0 maxpacket: 8 [ 1941.333846][T24857] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1941.344601][T24857] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1941.358683][T24857] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1941.371313][T24857] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1941.394900][T24857] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1941.409134][T27938] FAULT_INJECTION: forcing a failure. [ 1941.409134][T27938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1941.427982][T27938] CPU: 0 UID: 0 PID: 27938 Comm: syz.3.5707 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1941.438449][T27938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1941.448536][T27938] Call Trace: [ 1941.451839][T27938] [ 1941.454791][T27938] dump_stack_lvl+0x241/0x360 [ 1941.459516][T27938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1941.464756][T27938] ? __pfx__printk+0x10/0x10 [ 1941.469388][T27938] ? snprintf+0xda/0x120 [ 1941.473658][T27938] should_fail_ex+0x3b0/0x4e0 [ 1941.478372][T27938] _copy_to_user+0x2f/0xb0 [ 1941.482824][T27938] simple_read_from_buffer+0xca/0x150 [ 1941.488237][T27938] proc_fail_nth_read+0x1e9/0x250 [ 1941.493299][T27938] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1941.498884][T27938] ? rw_verify_area+0x55e/0x6f0 [ 1941.503769][T27938] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1941.509344][T27938] vfs_read+0x201/0xbc0 [ 1941.513532][T27938] ? __pfx_lock_release+0x10/0x10 [ 1941.518597][T27938] ? __pfx_sock_write_iter+0x10/0x10 [ 1941.524104][T27938] ? __pfx_vfs_read+0x10/0x10 [ 1941.528840][T27938] ? __fget_files+0x3f3/0x470 [ 1941.533572][T27938] ? __fdget_pos+0x24e/0x320 [ 1941.538198][T27938] ksys_read+0x1a0/0x2c0 [ 1941.542506][T27938] ? __pfx_ksys_read+0x10/0x10 [ 1941.547394][T27938] ? do_syscall_64+0x100/0x230 [ 1941.552200][T27938] ? do_syscall_64+0xb6/0x230 [ 1941.556916][T27938] do_syscall_64+0xf3/0x230 [ 1941.561471][T27938] ? clear_bhb_loop+0x35/0x90 [ 1941.566186][T27938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1941.572118][T27938] RIP: 0033:0x7f3fcb57c93c [ 1941.576561][T27938] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1941.596201][T27938] RSP: 002b:00007f3fcc339030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1941.604655][T27938] RAX: ffffffffffffffda RBX: 00007f3fcb735f80 RCX: 00007f3fcb57c93c [ 1941.612646][T27938] RDX: 000000000000000f RSI: 00007f3fcc3390a0 RDI: 0000000000000004 [ 1941.620634][T27938] RBP: 00007f3fcc339090 R08: 0000000000000000 R09: 0000000000000000 [ 1941.628627][T27938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1941.636624][T27938] R13: 0000000000000000 R14: 00007f3fcb735f80 R15: 00007ffc5a890128 [ 1941.644628][T27938] [ 1941.658284][T24857] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1941.991607][T24857] usb 5-1: usb_control_msg returned -32 [ 1941.999287][T24857] usbtmc 5-1:16.0: can't read capabilities [ 1942.317524][T24857] usb 5-1: USB disconnect, device number 65 [ 1944.834434][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1945.944029][T27970] IPVS: length: 4089 != 8 [ 1945.987424][T27972] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5717'. [ 1946.027676][T27972] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5717'. [ 1946.081929][ T5267] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1946.107669][ T9] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1946.165112][T17645] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1946.182996][T17645] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1946.193211][T17645] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1946.205006][T17645] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1946.213834][T17645] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1946.226893][T17645] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1946.257727][ T5267] usb 3-1: device descriptor read/64, error -71 [ 1946.309932][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1946.337808][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1946.353859][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1946.397619][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1946.424853][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1946.434529][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1946.448264][ T9] usb 5-1: config 0 descriptor?? [ 1946.520902][ T5267] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 1946.534953][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1946.558436][T27973] chnl_net:caif_netlink_parms(): no params data found [ 1946.662627][ T5267] usb 3-1: device descriptor read/64, error -71 [ 1946.672686][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1946.713520][T22906] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1946.777959][ T5267] usb usb3-port1: attempt power cycle [ 1946.813166][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1946.847761][T27973] bridge0: port 1(bridge_slave_0) entered blocking state [ 1946.866444][T27973] bridge0: port 1(bridge_slave_0) entered disabled state [ 1946.877694][T22906] usb 2-1: device descriptor read/64, error -71 [ 1946.885079][T27973] bridge_slave_0: entered allmulticast mode [ 1946.893061][T27973] bridge_slave_0: entered promiscuous mode [ 1946.902770][T27973] bridge0: port 2(bridge_slave_1) entered blocking state [ 1946.910484][T27973] bridge0: port 2(bridge_slave_1) entered disabled state [ 1946.929462][T27973] bridge_slave_1: entered allmulticast mode [ 1946.936689][T27973] bridge_slave_1: entered promiscuous mode [ 1946.991997][T27973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1947.014035][T27973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1947.117749][T22906] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1947.121930][T27973] team0: Port device team_slave_0 added [ 1947.132072][ T5267] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1947.151888][T27973] team0: Port device team_slave_1 added [ 1947.160746][ T5267] usb 3-1: device descriptor read/8, error -71 [ 1947.242242][ T35] bridge_slave_1: left allmulticast mode [ 1947.248654][T22906] usb 2-1: device descriptor read/64, error -71 [ 1947.267682][ T35] bridge_slave_1: left promiscuous mode [ 1947.273464][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1947.300266][ T35] bridge_slave_0: left allmulticast mode [ 1947.305933][ T35] bridge_slave_0: left promiscuous mode [ 1947.327821][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1947.360131][T22906] usb usb2-port1: attempt power cycle [ 1947.407723][ T5267] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1947.443668][ T5267] usb 3-1: device descriptor read/8, error -71 [ 1947.558338][ T5267] usb usb3-port1: unable to enumerate USB device [ 1947.727658][T22906] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1947.772209][T22906] usb 2-1: device descriptor read/8, error -71 [ 1948.031630][T22906] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1948.104315][ T29] audit: type=1400 audit(1726833062.742:1466): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=27986 comm="syz.3.5719" [ 1948.279257][T17645] Bluetooth: hci0: command tx timeout [ 1948.336847][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1948.436337][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1948.500461][ T35] bond0 (unregistering): Released all slaves [ 1948.642767][T27973] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1948.653573][T27973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1948.687014][T27973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1948.712561][T27973] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1948.724149][T27973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1948.755330][T27973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1948.824121][T27973] hsr_slave_0: entered promiscuous mode [ 1948.881252][T22906] usb 2-1: device descriptor read/8, error -71 [ 1948.889451][T27973] hsr_slave_1: entered promiscuous mode [ 1948.897796][T27973] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1948.905468][T27973] Cannot create hsr debugfs directory [ 1949.007638][T22906] usb usb2-port1: unable to enumerate USB device [ 1950.383050][T22927] Bluetooth: hci0: command tx timeout [ 1950.505039][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 1950.525386][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1950.559940][ T9] usb 5-1: USB disconnect, device number 66 [ 1950.597786][T24857] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1950.670392][ T35] hsr_slave_0: left promiscuous mode [ 1950.680417][ T35] hsr_slave_1: left promiscuous mode [ 1950.697860][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1950.717653][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1950.725352][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1950.738021][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1950.759762][T24857] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1950.772266][ T5290] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 1950.787927][T24857] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1950.803133][ T35] veth1_macvtap: left promiscuous mode [ 1950.807762][T22906] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1950.809611][T24857] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 1950.825873][ T35] veth0_macvtap: left promiscuous mode [ 1950.831774][ T35] veth1_vlan: left promiscuous mode [ 1950.837253][ T35] veth0_vlan: left promiscuous mode [ 1950.844941][T24857] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1950.858790][T24857] usb 3-1: config 0 descriptor?? [ 1950.957876][ T5290] usb 4-1: Using ep0 maxpacket: 32 [ 1950.976304][ T5290] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=66.3d [ 1951.029993][ T5290] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1951.239023][ T5290] usb 4-1: config 0 descriptor?? [ 1951.429806][ T5290] cx82310_eth 4-1:0.0: probe with driver cx82310_eth failed with error -22 [ 1951.469213][ T5290] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1951.565150][T28011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1951.604724][T28011] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1951.939613][T24857] hid-multitouch 0003:1FD2:6007.00FE: unbalanced collection at end of report description [ 1951.950964][T24857] hid-multitouch 0003:1FD2:6007.00FE: probe with driver hid-multitouch failed with error -22 [ 1952.660896][T22927] Bluetooth: hci0: command 0x040f tx timeout [ 1952.860858][T28020] erofs: (device nbd3): erofs_read_superblock: cannot find valid erofs superblock [ 1952.873935][ T29] audit: type=1400 audit(1726833067.502:1467): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=28012 comm="syz.4.5726" daddr=::ffff:172.20.20.187 [ 1952.979447][ T5290] usb 3-1: USB disconnect, device number 79 [ 1954.747835][ T9] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1954.785108][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1954.853582][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1954.897840][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 1954.910422][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1954.937267][ T9] usb 5-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58 [ 1954.952009][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1954.960532][ T9] usb 5-1: Product: syz [ 1954.964775][ T9] usb 5-1: Manufacturer: syz [ 1954.974729][ T9] usb 5-1: SerialNumber: syz [ 1954.998832][ T9] usb 5-1: config 0 descriptor?? [ 1955.011320][ T9] gspca_main: sunplus-2.14.0 probing 08ca:2060 [ 1955.562289][T28018] syzkaller1: entered promiscuous mode [ 1955.568237][T28018] syzkaller1: entered allmulticast mode [ 1955.727876][ T9] gspca_sunplus: reg_w_1 err -110 [ 1955.733093][T28033] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5729'. [ 1955.746091][T22906] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1955.762418][T22906] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1955.772163][T22906] usb 2-1: can't read configurations, error -71 [ 1955.792587][T28035] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5729'. [ 1955.850588][ T25] usb 4-1: USB disconnect, device number 18 [ 1955.996679][T28040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5730'. [ 1956.141007][T28036] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5729'. [ 1956.202731][T28029] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1956.212682][T28029] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1956.347766][ T25] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1956.487663][ T25] usb 4-1: device descriptor read/64, error -71 [ 1956.809160][ T25] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1957.452908][ T35] bridge_slave_1: left allmulticast mode [ 1957.472731][ T35] bridge_slave_1: left promiscuous mode [ 1957.500022][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 1957.508646][ T9] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 1957.529216][ T35] bridge_slave_0: left allmulticast mode [ 1957.532122][ T9] usb 5-1: USB disconnect, device number 67 [ 1957.534877][ T35] bridge_slave_0: left promiscuous mode [ 1957.548436][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 1957.577714][ T25] usb 4-1: device descriptor read/64, error -71 [ 1957.608493][T22906] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1957.689482][ T25] usb usb4-port1: attempt power cycle [ 1957.737849][T22906] usb 2-1: device descriptor read/64, error -71 [ 1957.826144][ T35] erspan0 (unregistering): left promiscuous mode [ 1957.853955][ T35] gretap0 (unregistering): left promiscuous mode [ 1957.935439][ T9] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1957.977746][T22906] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1958.217833][ T25] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1958.240160][ T25] usb 4-1: device descriptor read/8, error -71 [ 1958.552028][ T25] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1958.593984][ T25] usb 4-1: device descriptor read/8, error -71 [ 1958.622241][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1958.635281][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1958.637735][T22906] usb 2-1: device descriptor read/64, error -71 [ 1958.654724][ T35] bond0 (unregistering): Released all slaves [ 1958.673765][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1958.692801][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1958.705475][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1958.717965][ T25] usb usb4-port1: unable to enumerate USB device [ 1958.720860][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1958.763610][T22906] usb usb2-port1: attempt power cycle [ 1958.779537][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1958.790164][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1958.819824][ T9] usb 5-1: config 0 descriptor?? [ 1958.983998][T28081] binder: 28080:28081 unknown command 0 [ 1958.992194][T28081] binder: 28080:28081 ioctl c0306201 20000140 returned -22 [ 1959.066627][T27973] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1959.084998][T27973] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1959.120163][T22906] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1959.136594][T27973] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1959.179346][ T35] hsr_slave_0: left promiscuous mode [ 1959.184863][T22906] usb 2-1: device descriptor read/8, error -71 [ 1959.405594][ T35] hsr_slave_1: left promiscuous mode [ 1959.445818][ T35] veth1_macvtap: left promiscuous mode [ 1959.530616][ T35] veth0_macvtap: left promiscuous mode [ 1959.536675][ T35] veth1_vlan: left promiscuous mode [ 1959.563539][ T35] veth0_vlan: left promiscuous mode [ 1960.215813][T28104] ntfs3: nullb0: Primary boot signature is not NTFS. [ 1960.223891][T28104] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 1960.991169][ T9] plantronics 0003:047F:FFFF.00FF: No inputs registered, leaving [ 1961.075037][T28109] Option ' ' to dns_resolver key: bad/missing value [ 1961.089330][ T9] plantronics 0003:047F:FFFF.00FF: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1961.398206][ T25] usb 5-1: USB disconnect, device number 68 [ 1961.528245][T22906] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1961.548383][T22906] usb 2-1: Using ep0 maxpacket: 16 [ 1961.555458][T22906] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1961.566391][T22906] usb 2-1: config 0 has no interface number 0 [ 1961.573562][T22906] usb 2-1: too many endpoints for config 0 interface 1 altsetting 10: 113, using maximum allowed: 30 [ 1961.588705][T22906] usb 2-1: config 0 interface 1 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 113 [ 1961.603067][T22906] usb 2-1: config 0 interface 1 has no altsetting 0 [ 1961.613981][T22906] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1961.623320][T22906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1961.631601][T22906] usb 2-1: Product: syz [ 1961.635788][T22906] usb 2-1: Manufacturer: syz [ 1961.640593][T22906] usb 2-1: SerialNumber: syz [ 1961.654300][T22906] usb 2-1: config 0 descriptor?? [ 1961.744912][ T35] team0 (unregistering): Port device team_slave_1 removed [ 1961.804436][ T35] team0 (unregistering): Port device team_slave_0 removed [ 1965.133491][T27973] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1965.253863][T28113] tipc: Enabled bearer , priority 10 [ 1965.306279][T28120] IPVS: length: 4089 != 8 [ 1965.479622][T22906] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1965.527761][T22906] gspca_spca1528: reg_w err -71 [ 1965.547758][T22906] spca1528 2-1:0.1: probe with driver spca1528 failed with error -71 [ 1965.566825][T27973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1965.592316][T22906] usb 2-1: USB disconnect, device number 109 [ 1965.641963][T27973] 8021q: adding VLAN 0 to HW filter on device team0 [ 1965.693296][T26621] bridge0: port 1(bridge_slave_0) entered blocking state [ 1965.700450][T26621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1965.752834][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 1965.759985][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1966.018807][T22906] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1966.177758][T22906] usb 2-1: Using ep0 maxpacket: 32 [ 1966.212760][T22906] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1966.268480][T22906] usb 2-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58 [ 1966.302362][T22906] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1966.327816][T11067] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1966.360016][T22906] usb 2-1: Product: syz [ 1966.384449][T22906] usb 2-1: Manufacturer: syz [ 1966.410600][T22906] usb 2-1: SerialNumber: syz [ 1966.450417][T22906] usb 2-1: config 0 descriptor?? [ 1966.479525][T22906] gspca_main: sunplus-2.14.0 probing 08ca:2060 [ 1966.501557][T11067] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1966.557664][T11067] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1966.578522][T11067] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1966.629171][T11067] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1966.640723][T27973] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1966.647767][T11067] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1966.669674][T11067] usb 5-1: config 0 descriptor?? [ 1966.756133][T27973] veth0_vlan: entered promiscuous mode [ 1966.792792][T27973] veth1_vlan: entered promiscuous mode [ 1966.878252][T27973] veth0_macvtap: entered promiscuous mode [ 1966.887282][T27973] veth1_macvtap: entered promiscuous mode [ 1966.932202][T27973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1966.962955][T27973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1966.987590][T27973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1967.017592][T27973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1967.039783][T27973] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1967.074237][T28140] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5746'. [ 1967.095313][T28124] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5746'. [ 1967.115761][T27973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1967.127323][T11067] plantronics 0003:047F:FFFF.0100: ignoring exceeding usage max [ 1967.139621][T11067] plantronics 0003:047F:FFFF.0100: No inputs registered, leaving [ 1967.146763][T27973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1967.168164][T27973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1967.181533][T27973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1967.206346][T11067] plantronics 0003:047F:FFFF.0100: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1967.226529][T27973] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1967.252167][T28124] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5746'. [ 1967.257944][T22906] gspca_sunplus: reg_w_1 err -110 [ 1967.286979][T27973] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1967.308818][T27973] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1967.322036][T27973] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1967.331520][T27973] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1967.469927][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1967.478250][ T25] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1967.488974][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1967.524799][ T2895] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1967.535510][ T2895] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1967.629853][ T25] usb 4-1: device descriptor read/64, error -71 [ 1967.819522][T28145] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5752'. [ 1967.829125][T28145] netlink: 92 bytes leftover after parsing attributes in process `syz.2.5752'. [ 1967.867819][ T25] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1968.008247][ T25] usb 4-1: device descriptor read/64, error -71 [ 1968.128274][ T25] usb usb4-port1: attempt power cycle [ 1968.831399][T28126] delete_channel: no stack [ 1968.888385][T22906] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 1968.909435][T22906] usb 2-1: USB disconnect, device number 110 [ 1968.980073][T28159] ecryptfs_parse_options: eCryptfs: unrecognized option [&@] [ 1968.991311][T28159] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 1969.005126][T28159] Error parsing options; rc = [-22] [ 1969.090177][T28159] netlink: 'syz.1.5756': attribute type 10 has an invalid length. [ 1969.098492][T28159] bridge0: port 2(bridge_slave_1) entered disabled state [ 1969.105626][T28159] bridge0: port 1(bridge_slave_0) entered disabled state [ 1969.107651][ T25] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1969.141461][ T25] usb 4-1: device descriptor read/8, error -71 [ 1969.219566][T11067] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1969.377759][T11067] usb 3-1: Using ep0 maxpacket: 32 [ 1969.386130][T11067] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 1969.407776][ T25] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1969.416365][T11067] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1969.431918][ T25] usb 4-1: device descriptor read/8, error -71 [ 1969.433943][T11067] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1969.438229][ T5267] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1969.447852][T11067] usb 3-1: Product: syz [ 1969.462822][T11067] usb 3-1: Manufacturer: syz [ 1969.467508][T11067] usb 3-1: SerialNumber: syz [ 1969.477847][T11067] usb 3-1: config 0 descriptor?? [ 1969.489837][T28161] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1969.498256][T11067] hub 3-1:0.0: bad descriptor, ignoring hub [ 1969.504553][T11067] hub 3-1:0.0: probe with driver hub failed with error -5 [ 1969.516861][T11067] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input73 [ 1969.681566][ T25] usb usb4-port1: unable to enumerate USB device [ 1969.684870][ T9] usb 5-1: USB disconnect, device number 69 [ 1969.761624][ T5267] usb 2-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice=dc.8d [ 1969.806990][ T5267] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1969.924247][ T5267] usb 2-1: config 0 descriptor?? [ 1970.026632][ T5267] usb 2-1: NDI device with a latency value of 1 [ 1970.438413][ T25] usb 3-1: USB disconnect, device number 80 [ 1970.438533][ C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1970.980547][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1971.002220][ T5267] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1971.527468][ T5267] ftdi_sio ttyUSB0: unknown device type: 0xdc8d [ 1971.554448][ T5267] usb 2-1: USB disconnect, device number 111 [ 1971.571193][ T5267] ftdi_sio 2-1:0.0: device disconnected [ 1971.814223][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1971.888174][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1971.962491][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1972.073284][ T11] bridge_slave_1: left allmulticast mode [ 1972.079684][ T11] bridge_slave_1: left promiscuous mode [ 1972.085416][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1972.095963][ T11] bridge_slave_0: left allmulticast mode [ 1972.102127][ T11] bridge_slave_0: left promiscuous mode [ 1972.108321][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1972.485516][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1972.496893][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1972.509607][ T11] bond0 (unregistering): Released all slaves [ 1972.819892][T28197] FAULT_INJECTION: forcing a failure. [ 1972.819892][T28197] name failslab, interval 1, probability 0, space 0, times 0 [ 1972.867613][T28197] CPU: 1 UID: 0 PID: 28197 Comm: syz.2.5762 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1972.878072][T28197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1972.888146][T28197] Call Trace: [ 1972.891447][T28197] [ 1972.894403][T28197] dump_stack_lvl+0x241/0x360 [ 1972.899143][T28197] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1972.904382][T28197] ? __pfx__printk+0x10/0x10 [ 1972.909013][T28197] ? ref_tracker_alloc+0x332/0x490 [ 1972.914157][T28197] should_fail_ex+0x3b0/0x4e0 [ 1972.918871][T28197] ? skb_clone+0x20c/0x390 [ 1972.923322][T28197] should_failslab+0xac/0x100 [ 1972.928034][T28197] ? skb_clone+0x20c/0x390 [ 1972.932470][T28197] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1972.937871][T28197] skb_clone+0x20c/0x390 [ 1972.942139][T28197] __netlink_deliver_tap+0x3cc/0x7c0 [ 1972.947469][T28197] ? netlink_deliver_tap+0x2e/0x1b0 [ 1972.952715][T28197] netlink_deliver_tap+0x19d/0x1b0 [ 1972.957866][T28197] netlink_unicast+0x7c4/0x990 [ 1972.962665][T28197] ? __pfx_netlink_unicast+0x10/0x10 [ 1972.967971][T28197] ? __virt_addr_valid+0x183/0x530 [ 1972.973108][T28197] ? __check_object_size+0x49c/0x900 [ 1972.978423][T28197] netlink_sendmsg+0x8e4/0xcb0 [ 1972.983237][T28197] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1972.988583][T28197] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1972.993898][T28197] __sock_sendmsg+0x221/0x270 [ 1972.998604][T28197] ____sys_sendmsg+0x52a/0x7e0 [ 1973.003400][T28197] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1973.008730][T28197] __sys_sendmsg+0x2aa/0x390 [ 1973.013356][T28197] ? __pfx___sys_sendmsg+0x10/0x10 [ 1973.018488][T28197] ? vfs_write+0x7bf/0xc90 [ 1973.022984][T28197] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1973.029380][T28197] ? do_syscall_64+0x100/0x230 [ 1973.034187][T28197] ? do_syscall_64+0xb6/0x230 [ 1973.038911][T28197] do_syscall_64+0xf3/0x230 [ 1973.043450][T28197] ? clear_bhb_loop+0x35/0x90 [ 1973.048166][T28197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1973.054086][T28197] RIP: 0033:0x7feda5b7def9 [ 1973.058519][T28197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1973.078149][T28197] RSP: 002b:00007feda68ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1973.086599][T28197] RAX: ffffffffffffffda RBX: 00007feda5d35f80 RCX: 00007feda5b7def9 [ 1973.094598][T28197] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1973.102594][T28197] RBP: 00007feda68ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1973.110599][T28197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1973.118601][T28197] R13: 0000000000000000 R14: 00007feda5d35f80 R15: 00007ffd1d639f98 [ 1973.126618][T28197] [ 1973.140808][T28197] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5762'. [ 1973.164200][T27099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1973.180188][T27099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1973.181703][ T11] hsr_slave_0: left promiscuous mode [ 1973.193007][T27099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1973.228334][ T11] hsr_slave_1: left promiscuous mode [ 1973.239936][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1973.248975][T28206] netlink: 203516 bytes leftover after parsing attributes in process `syz.1.5765'. [ 1973.260676][T27099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1973.262369][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1973.277337][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1973.292862][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1973.300467][T28207] netlink: 'syz.1.5765': attribute type 2 has an invalid length. [ 1973.307712][ T5267] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1973.319691][T27099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1973.328700][T27099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1973.369365][ T11] veth1_macvtap: left promiscuous mode [ 1973.375024][T17645] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1973.375050][ T11] veth0_macvtap: left promiscuous mode [ 1973.388238][T17645] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1973.390938][ T11] veth1_vlan: left promiscuous mode [ 1973.401120][T17645] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1973.401174][ T11] veth0_vlan: left promiscuous mode [ 1973.415610][T17645] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1973.423641][T17645] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1973.431271][T17645] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1973.468877][ T5267] usb 4-1: Using ep0 maxpacket: 32 [ 1973.476246][ T5267] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1973.502549][ T5267] usb 4-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58 [ 1973.559910][ T5267] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1974.217461][ T5267] usb 4-1: Product: syz [ 1974.221780][ T5267] usb 4-1: Manufacturer: syz [ 1974.226445][ T5267] usb 4-1: SerialNumber: syz [ 1974.233732][ T5267] usb 4-1: config 0 descriptor?? [ 1974.241848][ T5267] gspca_main: sunplus-2.14.0 probing 08ca:2060 [ 1974.834392][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1974.908315][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1974.947788][ T5267] gspca_sunplus: reg_w_1 err -110 [ 1975.480088][T27099] Bluetooth: hci0: command tx timeout [ 1975.956806][T28206] netlink: 6324 bytes leftover after parsing attributes in process `syz.1.5765'. [ 1975.990965][T28198] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5763'. [ 1976.091029][ T5267] sunplus 4-1:0.0: probe with driver sunplus failed with error -110 [ 1976.102100][T28226] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1976.120296][T28226] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1976.158301][T28226] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1976.164825][ T9] usb 4-1: USB disconnect, device number 27 [ 1976.283161][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.292101][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.466327][T28240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1976.506580][ T29] audit: type=1326 audit(1726833091.122:1468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fcb57def9 code=0x7ffc0000 [ 1976.547913][T22906] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1976.787976][ T9] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1977.150503][T28203] chnl_net:caif_netlink_parms(): no params data found [ 1977.181344][ T29] audit: type=1326 audit(1726833091.122:1469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fcb57def9 code=0x7ffc0000 [ 1977.253130][ T29] audit: type=1326 audit(1726833091.122:1470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3fcb57def9 code=0x7ffc0000 [ 1977.277804][T22906] usb 2-1: device descriptor read/64, error -71 [ 1977.284682][T28246] FAULT_INJECTION: forcing a failure. [ 1977.284682][T28246] name failslab, interval 1, probability 0, space 0, times 0 [ 1977.305517][ T29] audit: type=1326 audit(1726833091.122:1471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fcb57def9 code=0x7ffc0000 [ 1977.327509][T28246] CPU: 0 UID: 0 PID: 28246 Comm: syz.2.5774 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1977.327543][T28246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1977.327557][T28246] Call Trace: [ 1977.327565][T28246] [ 1977.327575][T28246] dump_stack_lvl+0x241/0x360 [ 1977.327614][T28246] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1977.327646][T28246] ? __pfx__printk+0x10/0x10 [ 1977.327683][T28246] ? ref_tracker_alloc+0x332/0x490 [ 1977.327713][T28246] should_fail_ex+0x3b0/0x4e0 [ 1977.327742][T28246] ? skb_clone+0x20c/0x390 [ 1977.327765][T28246] should_failslab+0xac/0x100 [ 1977.348833][ T29] audit: type=1326 audit(1726833091.122:1472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fcb57def9 code=0x7ffc0000 [ 1977.351497][T28246] ? skb_clone+0x20c/0x390 [ 1977.377775][ T29] audit: type=1326 audit(1726833091.122:1473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f3fcb57fe17 code=0x7ffc0000 [ 1977.378638][T28246] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1977.383052][ T29] audit: type=1326 audit(1726833091.122:1474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f3fcb57fd8c code=0x7ffc0000 [ 1977.387697][T28246] skb_clone+0x20c/0x390 [ 1977.387728][T28246] __netlink_deliver_tap+0x3cc/0x7c0 [ 1977.387772][T28246] ? netlink_deliver_tap+0x2e/0x1b0 [ 1977.418250][ T29] audit: type=1326 audit(1726833091.122:1475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f3fcb57fcc4 code=0x7ffc0000 [ 1977.435340][T28246] netlink_deliver_tap+0x19d/0x1b0 [ 1977.435387][T28246] netlink_unicast+0x7c4/0x990 [ 1977.435428][T28246] ? __pfx_netlink_unicast+0x10/0x10 [ 1977.435458][T28246] ? __virt_addr_valid+0x183/0x530 [ 1977.435485][T28246] ? __check_object_size+0x49c/0x900 [ 1977.435517][T28246] netlink_sendmsg+0x8e4/0xcb0 [ 1977.435564][T28246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1977.435612][T28246] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1977.435644][T28246] __sock_sendmsg+0x221/0x270 [ 1977.435678][T28246] ____sys_sendmsg+0x52a/0x7e0 [ 1977.435714][T28246] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1977.435754][T28246] __sys_sendmsg+0x2aa/0x390 [ 1977.435782][T28246] ? __pfx___sys_sendmsg+0x10/0x10 [ 1977.500845][ T29] audit: type=1326 audit(1726833091.122:1476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f3fcb57fcc4 code=0x7ffc0000 [ 1977.504012][T28246] ? vfs_write+0x7bf/0xc90 [ 1977.504089][T28246] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1977.509369][ T29] audit: type=1326 audit(1726833091.122:1477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28234 comm="syz.3.5772" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3fcb57cb8a code=0x7ffc0000 [ 1977.514054][T28246] ? do_syscall_64+0x100/0x230 [ 1977.622790][T28246] ? do_syscall_64+0xb6/0x230 [ 1977.627520][T28246] do_syscall_64+0xf3/0x230 [ 1977.632064][T28246] ? clear_bhb_loop+0x35/0x90 [ 1977.636781][T28246] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1977.642718][T28246] RIP: 0033:0x7feda5b7def9 [ 1977.647158][T28246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1977.666785][T28246] RSP: 002b:00007feda68ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1977.675233][T28246] RAX: ffffffffffffffda RBX: 00007feda5d35f80 RCX: 00007feda5b7def9 [ 1977.683253][T28246] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000003 [ 1977.691246][T28246] RBP: 00007feda68ff090 R08: 0000000000000000 R09: 0000000000000000 [ 1977.699239][T28246] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1977.707230][T28246] R13: 0000000000000000 R14: 00007feda5d35f80 R15: 00007ffd1d639f98 [ 1977.715243][T28246] [ 1977.725155][ T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1977.733978][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1977.744211][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1977.753197][ T9] usb 4-1: config 1 has no interface number 0 [ 1977.759365][ T9] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 1977.770150][ T9] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 1977.786766][ T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1977.800378][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1977.823494][ T9] usb 4-1: Product: syz [ 1977.830357][ T9] usb 4-1: Manufacturer: syz [ 1977.845229][ T9] usb 4-1: SerialNumber: syz [ 1977.867733][T22906] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1977.889321][ T9] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1977.916798][ T9] cdc_ncm 4-1:1.1: bind() failure [ 1978.146954][T17645] Bluetooth: hci0: command 0x040f tx timeout [ 1978.468590][T22906] usb 2-1: device descriptor read/64, error -71 [ 1978.863821][T28203] bridge0: port 1(bridge_slave_0) entered blocking state [ 1978.877128][T28203] bridge0: port 1(bridge_slave_0) entered disabled state [ 1978.885027][T28203] bridge_slave_0: entered allmulticast mode [ 1978.905821][T28203] bridge_slave_0: entered promiscuous mode [ 1978.969302][T22906] usb usb2-port1: attempt power cycle [ 1978.976845][T28203] bridge0: port 2(bridge_slave_1) entered blocking state [ 1979.010197][T28203] bridge0: port 2(bridge_slave_1) entered disabled state [ 1979.023868][T28203] bridge_slave_1: entered allmulticast mode [ 1979.042238][T28203] bridge_slave_1: entered promiscuous mode [ 1979.111274][T28203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1979.121190][T28278] netlink: 'syz.2.5779': attribute type 1 has an invalid length. [ 1979.130929][T28278] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5779'. [ 1979.387162][ T25] usb 4-1: USB disconnect, device number 28 [ 1979.470981][T28203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1979.872689][T28286] FAULT_INJECTION: forcing a failure. [ 1979.872689][T28286] name failslab, interval 1, probability 0, space 0, times 0 [ 1979.890346][T28286] CPU: 1 UID: 0 PID: 28286 Comm: syz.3.5781 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1979.900797][T28286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1979.910903][T28286] Call Trace: [ 1979.914205][T28286] [ 1979.917161][T28286] dump_stack_lvl+0x241/0x360 [ 1979.921884][T28286] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1979.927118][T28286] ? __pfx__printk+0x10/0x10 [ 1979.931770][T28286] ? __kmalloc_noprof+0xb0/0x400 [ 1979.937136][T28286] ? __pfx___might_resched+0x10/0x10 [ 1979.942473][T28286] ? __mutex_lock+0x2ef/0xd70 [ 1979.947192][T28286] should_fail_ex+0x3b0/0x4e0 [ 1979.951905][T28286] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1979.958176][T28286] should_failslab+0xac/0x100 [ 1979.962886][T28286] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1979.969160][T28286] __kmalloc_noprof+0xd8/0x400 [ 1979.973962][T28286] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 1979.980069][T28286] genl_rcv_msg+0x802/0xec0 [ 1979.984602][T28286] ? mark_lock+0x9a/0x360 [ 1979.988983][T28286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1979.994065][T28286] ? __pfx_lock_acquire+0x10/0x10 [ 1979.999131][T28286] ? __pfx_nl802154_pre_doit+0x10/0x10 [ 1980.004636][T28286] ? __pfx_nl802154_del_llsec_key+0x10/0x10 [ 1980.010556][T28286] ? __pfx_nl802154_post_doit+0x10/0x10 [ 1980.016145][T28286] ? __pfx___might_resched+0x10/0x10 [ 1980.021483][T28286] netlink_rcv_skb+0x1e3/0x430 [ 1980.026308][T28286] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1980.031374][T28286] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1980.036722][T28286] genl_rcv+0x28/0x40 [ 1980.040736][T28286] netlink_unicast+0x7f6/0x990 [ 1980.045577][T28286] ? __pfx_netlink_unicast+0x10/0x10 [ 1980.050904][T28286] ? __virt_addr_valid+0x183/0x530 [ 1980.056053][T28286] ? __check_object_size+0x49c/0x900 [ 1980.061380][T28286] netlink_sendmsg+0x8e4/0xcb0 [ 1980.066202][T28286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1980.071545][T28286] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1980.076872][T28286] __sock_sendmsg+0x221/0x270 [ 1980.081582][T28286] ____sys_sendmsg+0x52a/0x7e0 [ 1980.086395][T28286] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1980.091736][T28286] __sys_sendmsg+0x2aa/0x390 [ 1980.096365][T28286] ? __pfx___sys_sendmsg+0x10/0x10 [ 1980.101520][T28286] ? vfs_write+0x7bf/0xc90 [ 1980.106022][T28286] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1980.112394][T28286] ? do_syscall_64+0x100/0x230 [ 1980.117198][T28286] ? do_syscall_64+0xb6/0x230 [ 1980.122021][T28286] do_syscall_64+0xf3/0x230 [ 1980.126558][T28286] ? clear_bhb_loop+0x35/0x90 [ 1980.131284][T28286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1980.137229][T28286] RIP: 0033:0x7f3fcb57def9 [ 1980.141672][T28286] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1980.161304][T28286] RSP: 002b:00007f3fcc339038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1980.169748][T28286] RAX: ffffffffffffffda RBX: 00007f3fcb735f80 RCX: 00007f3fcb57def9 [ 1980.177749][T28286] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 1980.185753][T28286] RBP: 00007f3fcc339090 R08: 0000000000000000 R09: 0000000000000000 [ 1980.193757][T28286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1980.201751][T28286] R13: 0000000000000000 R14: 00007f3fcb735f80 R15: 00007ffc5a890128 [ 1980.209766][T28286] [ 1980.220957][ T9] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1980.270515][T28203] team0: Port device team_slave_0 added [ 1980.313334][T28203] team0: Port device team_slave_1 added [ 1980.347652][ T5267] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1980.497863][ T5267] usb 3-1: Using ep0 maxpacket: 16 [ 1980.500405][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 1980.505366][ T5267] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1980.528172][T17645] Bluetooth: hci0: command 0x040f tx timeout [ 1980.532414][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1980.537456][ T5267] usb 3-1: config 4 has an invalid interface number: 38 but max is 0 [ 1980.546315][T28203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1980.552936][ T5267] usb 3-1: config 4 has no interface number 0 [ 1980.571218][ T5267] usb 3-1: config 4 interface 38 has no altsetting 0 [ 1980.584859][ T5267] usb 3-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 1.a2 [ 1980.594076][ T5267] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 1980.602959][ T5267] usb 3-1: Manufacturer: syz [ 1980.607955][ T5267] usb 3-1: SerialNumber: syz [ 1980.644251][T28203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1980.739177][T28203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1980.745890][ T9] usb 5-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58 [ 1980.925362][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1981.087943][T28203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1981.095069][T28203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1981.107912][ T9] usb 5-1: Product: syz [ 1981.121192][T28203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1981.150919][ T9] usb 5-1: Manufacturer: syz [ 1981.164174][ T5267] usb 3-1: Found UVC 0.00 device (19ab:1000) [ 1981.164688][ T9] usb 5-1: SerialNumber: syz [ 1981.178753][T28308] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1981.191059][ T5267] usb 3-1: No valid video chain found. [ 1981.201821][ T5267] usb 3-1: USB disconnect, device number 81 [ 1981.210972][T28203] hsr_slave_0: entered promiscuous mode [ 1981.233829][ T9] usb 5-1: config 0 descriptor?? [ 1981.248744][T28203] hsr_slave_1: entered promiscuous mode [ 1981.301544][ T9] gspca_main: sunplus-2.14.0 probing 08ca:2060 [ 1982.161429][ T9] gspca_sunplus: reg_w_1 err -110 [ 1982.596594][T28292] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5782'. [ 1982.628359][T28292] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5782'. [ 1982.656251][T28292] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5782'. [ 1982.840000][T17645] Bluetooth: hci0: command 0x040f tx timeout [ 1983.711703][T28333] netlink: 'syz.3.5788': attribute type 2 has an invalid length. [ 1983.726033][T28333] netlink: 'syz.3.5788': attribute type 1 has an invalid length. [ 1983.877761][T24857] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1983.921705][ T9] sunplus 5-1:0.0: probe with driver sunplus failed with error -110 [ 1983.933529][ T9] usb 5-1: USB disconnect, device number 70 [ 1984.058365][T24857] usb 3-1: Using ep0 maxpacket: 32 [ 1984.069042][T24857] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1984.095857][T24857] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1984.113750][T24857] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1984.123391][T24857] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1984.136178][T24857] usb 3-1: config 0 descriptor?? [ 1984.149456][T24857] hub 3-1:0.0: USB hub found [ 1984.354561][T24857] hub 3-1:0.0: 1 port detected [ 1984.378221][ T9] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1984.409354][T28203] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1984.425717][T28203] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1984.427885][ T25] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 1984.445745][T28203] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1984.457031][T28203] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1984.527829][ T9] usb 5-1: device descriptor read/64, error -71 [ 1984.591130][T28203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1984.608789][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 1984.641342][T28203] 8021q: adding VLAN 0 to HW filter on device team0 [ 1984.672031][T26621] bridge0: port 1(bridge_slave_0) entered blocking state [ 1984.679239][T26621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1984.713018][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1984.726847][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1984.739203][T26621] bridge0: port 2(bridge_slave_1) entered blocking state [ 1984.746403][ T25] usb 2-1: New USB device found, idVendor=046d, idProduct=c714, bcdDevice= 0.00 [ 1984.746473][T26621] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1984.762840][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1984.777315][ T9] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1984.805467][ T25] usb 2-1: config 0 descriptor?? [ 1984.919055][ T9] usb 5-1: device descriptor read/64, error -71 [ 1984.929968][T17645] Bluetooth: hci0: command 0x040f tx timeout [ 1984.981417][T24857] hub 3-1:0.0: activate --> -90 [ 1985.047993][ T9] usb usb5-port1: attempt power cycle [ 1985.102136][T28203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1985.164769][T28203] veth0_vlan: entered promiscuous mode [ 1985.215940][T28203] veth1_vlan: entered promiscuous mode [ 1985.286851][T28203] veth0_macvtap: entered promiscuous mode [ 1985.316577][T28203] veth1_macvtap: entered promiscuous mode [ 1985.351474][T28203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1985.373866][T28203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1985.389714][ T9] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1985.411907][T28203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1985.434539][ T9] usb 5-1: device descriptor read/8, error -71 [ 1985.447276][T28203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1985.473723][T28203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1985.507029][T28203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1985.526015][ T25] usb 2-1: USB disconnect, device number 115 [ 1985.530554][T28203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1985.560258][T28203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1985.582709][T28203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1985.611235][T28203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1985.646831][T28203] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1985.662771][T28203] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1985.677720][ T9] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1985.691029][T28203] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1985.708848][ T9] usb 5-1: device descriptor read/8, error -71 [ 1985.717283][T28203] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1985.839937][ T9] usb usb5-port1: unable to enumerate USB device [ 1985.889847][T17582] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1985.907799][T17582] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1985.972220][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1985.987223][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1986.222134][ T25] usb 3-1: USB disconnect, device number 82 [ 1986.243710][T24857] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 1987.776213][T28407] 9pnet_fd: Insufficient options for proto=fd [ 1987.811039][T28403] kAFS: unparsable volume name [ 1988.145308][ T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1988.309690][T11067] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1988.327796][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1988.353978][ T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1988.372084][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1988.392186][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1988.399193][ T9] usb 4-1: Product: syz [ 1988.414027][ T9] usb 4-1: Manufacturer: syz [ 1988.427780][ T9] usb 4-1: SerialNumber: syz [ 1988.463020][ T9] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1988.472874][ T9] r8152-cfgselector 4-1: config 0 descriptor?? [ 1988.496120][T11067] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1988.513520][T11067] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1988.550796][T11067] usb 5-1: config 0 descriptor?? [ 1988.626059][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1988.761870][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1988.890856][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1988.942808][T28410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1988.960648][T28410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1989.020948][T28419] orangefs_mount: mount request failed with -4 [ 1989.131142][ T11] bridge_slave_1: left allmulticast mode [ 1989.136851][ T11] bridge_slave_1: left promiscuous mode [ 1989.163778][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 1989.176788][ T11] bridge_slave_0: left allmulticast mode [ 1989.183465][ T11] bridge_slave_0: left promiscuous mode [ 1989.193606][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 1989.837350][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1991.019919][T11067] pegasus 5-1:0.0: probe with driver pegasus failed with error -110 [ 1991.109297][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1992.145714][T11067] usb 5-1: USB disconnect, device number 75 [ 1992.187352][ T11] bond0 (unregistering): Released all slaves [ 1992.379816][ T29] kauditd_printk_skb: 45 callbacks suppressed [ 1992.379831][ T29] audit: type=1400 audit(1726833106.992:1523): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="]-{" requested=w pid=28474 comm="syz.4.5804" dest=2 [ 1992.406496][T28477] netlink: 76 bytes leftover after parsing attributes in process `syz.1.5803'. [ 1992.449898][T11067] r8152-cfgselector 4-1: USB disconnect, device number 29 [ 1992.461131][T27099] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1992.487822][T27099] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1992.501054][T27099] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1992.512797][T27099] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1992.520546][T27099] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1992.530442][T27099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1992.782690][T28491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5807'. [ 1992.855449][T28488] ip6gretap0: entered promiscuous mode [ 1992.864729][T28493] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1992.893380][T28488] ip6gretap0: left promiscuous mode [ 1992.904234][T28493] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1992.932600][T28493] vhci_hcd: GetPortErrorCount req not supported for USB 2.0 roothub [ 1993.051744][ T11] hsr_slave_0: left promiscuous mode [ 1993.109984][ T11] hsr_slave_1: left promiscuous mode [ 1993.116393][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1993.130269][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1993.213076][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1993.222457][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1993.357049][ T11] veth1_macvtap: left promiscuous mode [ 1993.372439][ T11] veth0_macvtap: left promiscuous mode [ 1993.387996][ T11] veth1_vlan: left promiscuous mode [ 1993.400517][ T11] veth0_vlan: left promiscuous mode [ 1993.535201][T28512] netlink: 'syz.1.5809': attribute type 20 has an invalid length. [ 1993.938568][T22906] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 1994.105685][T22906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1994.128561][T22906] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1994.139490][T22906] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 1994.149070][T22906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1994.197787][T22906] usb 2-1: config 0 descriptor?? [ 1994.383568][ T11] team0 (unregistering): Port device team_slave_1 removed [ 1994.453370][ T11] team0 (unregistering): Port device team_slave_0 removed [ 1994.601638][T27099] Bluetooth: hci0: command tx timeout [ 1994.634015][T22906] lg-g15 0003:046D:C222.0102: unknown main item tag 0x0 [ 1994.642195][T22906] lg-g15 0003:046D:C222.0102: item fetching failed at offset 9/11 [ 1994.651904][T22906] lg-g15 0003:046D:C222.0102: probe with driver lg-g15 failed with error -22 [ 1995.030466][T28491] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2 [ 1995.040722][T28491] batman_adv: batadv0: Adding interface: ip6gretap2 [ 1995.047335][T28491] batman_adv: batadv0: The MTU of interface ip6gretap2 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1995.074160][T28491] batman_adv: batadv0: Not using interface ip6gretap2 (retrying later): interface not active [ 1995.085319][T28497] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5807'. [ 1995.097779][T28497] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1995.105196][T28497] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1995.118422][T28497] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1995.127097][T28497] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1995.142160][T28497] batman_adv: batadv0: Removing interface: ip6gretap2 [ 1995.201293][T22906] usb 2-1: USB disconnect, device number 116 [ 1995.879942][T28478] chnl_net:caif_netlink_parms(): no params data found [ 1996.052968][T28531] 9pnet_fd: p9_fd_create_tcp (28531): problem connecting socket to 127.0.0.1 [ 1996.401495][ T25] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1996.405834][T28478] bridge0: port 1(bridge_slave_0) entered blocking state [ 1996.418770][T28478] bridge0: port 1(bridge_slave_0) entered disabled state [ 1996.426006][T28478] bridge_slave_0: entered allmulticast mode [ 1996.433129][T28478] bridge_slave_0: entered promiscuous mode [ 1996.441304][T28478] bridge0: port 2(bridge_slave_1) entered blocking state [ 1996.448486][T28478] bridge0: port 2(bridge_slave_1) entered disabled state [ 1996.455694][T28478] bridge_slave_1: entered allmulticast mode [ 1996.462644][T28478] bridge_slave_1: entered promiscuous mode [ 1996.541481][T28478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1996.557781][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 1996.558641][T28478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1996.566880][ T25] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1996.596459][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1996.636628][ T25] usb 3-1: Product: syz [ 1996.641877][T28478] team0: Port device team_slave_0 added [ 1996.647944][ T25] usb 3-1: Manufacturer: syz [ 1996.647967][ T25] usb 3-1: SerialNumber: syz [ 1996.670880][ T25] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1996.680224][T27099] Bluetooth: hci0: command tx timeout [ 1996.686454][ T25] r8152-cfgselector 3-1: config 0 descriptor?? [ 1996.710236][T28478] team0: Port device team_slave_1 added [ 1997.029006][T28478] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1997.037283][T28478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1997.112500][T28478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1997.277215][T28534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1997.320443][T28478] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1997.350278][T28478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1997.391051][T28534] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1997.402572][T28478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1997.738667][T28478] hsr_slave_0: entered promiscuous mode [ 1997.806682][T28478] hsr_slave_1: entered promiscuous mode [ 1998.543459][T28581] netlink: 'syz.4.5819': attribute type 2 has an invalid length. [ 1998.554637][T28581] netlink: 9412 bytes leftover after parsing attributes in process `syz.4.5819'. [ 1998.749660][T28577] syz.3.5822: attempt to access beyond end of device [ 1998.749660][T28577] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0 [ 1998.766074][T27099] Bluetooth: hci0: command tx timeout [ 1999.554579][T28580] coredump: 1693(syz.4.5819): written to core: VMAs: 37, size 99647488; core: 73872538 bytes, pos 99655680 [ 1999.659897][T28577] ------------[ cut here ]------------ [ 1999.665417][T28577] WARNING: CPU: 0 PID: 28577 at include/linux/cpumask.h:135 io_sq_offload_create+0xd2f/0xfd0 [ 1999.675722][T28577] Modules linked in: [ 1999.679757][T28577] CPU: 0 UID: 0 PID: 28577 Comm: syz.3.5822 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 1999.690240][T28577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1999.700352][T28577] RIP: 0010:io_sq_offload_create+0xd2f/0xfd0 [ 1999.706340][T28577] Code: 43 f6 e9 57 f4 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a2 f3 ff ff 48 89 df e8 8c 8a 43 f6 e9 95 f3 ff ff e8 92 29 df f5 90 <0f> 0b 90 e9 f3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 4c [ 1999.726512][T28577] RSP: 0018:ffffc90004557c40 EFLAGS: 00010283 [ 1999.732228][ T9763] r8152-cfgselector 3-1: USB disconnect, device number 83 [ 1999.732623][T28577] RAX: ffffffff8bb5953e RBX: ffffc90004557e0c RCX: 0000000000040000 [ 1999.747863][T28577] RDX: ffffc9000d679000 RSI: 000000000000116f RDI: 0000000000001170 [ 1999.755887][T28577] RBP: ffffc90004557d40 R08: ffffffff8bb5922b R09: 1ffffffff20365d5 [ 1999.763978][T28577] R10: dffffc0000000000 R11: fffffbfff20365d6 R12: ffff888069e3c000 [ 1999.772286][T28577] R13: 0000000000000020 R14: 1ffff920008aaf94 R15: ffffc90004557cc0 [ 1999.780437][T28577] FS: 00007f3fcc3396c0(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 1999.789425][T28577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1999.796027][T28577] CR2: 000000110c3e59b1 CR3: 000000007aa5a000 CR4: 00000000003506f0 [ 1999.804126][T28577] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1999.812165][T28577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1999.820289][T28577] Call Trace: [ 1999.823608][T28577] [ 1999.826571][T28577] ? __warn+0x168/0x4e0 [ 1999.830886][T28577] ? io_sq_offload_create+0xd2f/0xfd0 [ 1999.836317][T28577] ? report_bug+0x2b3/0x500 [ 1999.840983][T28577] ? io_sq_offload_create+0xd2f/0xfd0 [ 1999.846408][T28577] ? handle_bug+0x60/0x90 [ 1999.850861][T28577] ? exc_invalid_op+0x1a/0x50 [ 1999.855605][T28577] ? asm_exc_invalid_op+0x1a/0x20 [ 1999.860800][T28577] ? io_sq_offload_create+0xa1b/0xfd0 [ 1999.866231][T28577] ? io_sq_offload_create+0xd2e/0xfd0 [ 1999.871713][T28577] ? io_sq_offload_create+0xd2f/0xfd0 [ 1999.877133][T28577] ? __pfx_io_sq_offload_create+0x10/0x10 [ 1999.883024][T28577] ? io_allocate_scq_urings+0x426/0x640 [ 1999.888665][T28577] io_uring_create+0x792/0x1360 [ 1999.893557][T28577] __se_sys_io_uring_setup+0x2ba/0x330 [ 1999.899283][T28577] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 1999.905339][T28577] ? do_syscall_64+0x100/0x230 [ 1999.910244][T28577] ? do_syscall_64+0xb6/0x230 [ 1999.914967][T28577] do_syscall_64+0xf3/0x230 [ 1999.919598][T28577] ? clear_bhb_loop+0x35/0x90 [ 1999.924328][T28577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1999.930348][T28577] RIP: 0033:0x7f3fcb57def9 [ 1999.934802][T28577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1999.954516][T28577] RSP: 002b:00007f3fcc338fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1999.963677][T28577] RAX: ffffffffffffffda RBX: 00007f3fcb735f80 RCX: 00007f3fcb57def9 [ 1999.971868][T28577] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000007cfc [ 1999.980092][T28577] RBP: 0000000020000080 R08: 0000000000000000 R09: 0000000000000000 [ 1999.988199][T28577] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1999.996206][T28577] R13: 0000000000000000 R14: 0000000000007cfc R15: 0000000000000000 [ 2000.004286][T28577] [ 2000.007350][T28577] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 2000.014645][T28577] CPU: 0 UID: 0 PID: 28577 Comm: syz.3.5822 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 2000.025079][T28577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2000.035162][T28577] Call Trace: [ 2000.038462][T28577] [ 2000.041431][T28577] dump_stack_lvl+0x241/0x360 [ 2000.046161][T28577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2000.051413][T28577] ? __pfx__printk+0x10/0x10 [ 2000.056062][T28577] ? vscnprintf+0x5d/0x90 [ 2000.060424][T28577] panic+0x349/0x880 [ 2000.064320][T28577] ? __warn+0x177/0x4e0 [ 2000.068472][T28577] ? __pfx_panic+0x10/0x10 [ 2000.072910][T28577] __warn+0x34b/0x4e0 [ 2000.076895][T28577] ? io_sq_offload_create+0xd2f/0xfd0 [ 2000.082266][T28577] report_bug+0x2b3/0x500 [ 2000.086592][T28577] ? io_sq_offload_create+0xd2f/0xfd0 [ 2000.091959][T28577] handle_bug+0x60/0x90 [ 2000.096107][T28577] exc_invalid_op+0x1a/0x50 [ 2000.100607][T28577] asm_exc_invalid_op+0x1a/0x20 [ 2000.105454][T28577] RIP: 0010:io_sq_offload_create+0xd2f/0xfd0 [ 2000.111440][T28577] Code: 43 f6 e9 57 f4 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a2 f3 ff ff 48 89 df e8 8c 8a 43 f6 e9 95 f3 ff ff e8 92 29 df f5 90 <0f> 0b 90 e9 f3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 4c [ 2000.131039][T28577] RSP: 0018:ffffc90004557c40 EFLAGS: 00010283 [ 2000.137097][T28577] RAX: ffffffff8bb5953e RBX: ffffc90004557e0c RCX: 0000000000040000 [ 2000.145062][T28577] RDX: ffffc9000d679000 RSI: 000000000000116f RDI: 0000000000001170 [ 2000.153038][T28577] RBP: ffffc90004557d40 R08: ffffffff8bb5922b R09: 1ffffffff20365d5 [ 2000.161028][T28577] R10: dffffc0000000000 R11: fffffbfff20365d6 R12: ffff888069e3c000 [ 2000.168996][T28577] R13: 0000000000000020 R14: 1ffff920008aaf94 R15: ffffc90004557cc0 [ 2000.176967][T28577] ? io_sq_offload_create+0xa1b/0xfd0 [ 2000.182352][T28577] ? io_sq_offload_create+0xd2e/0xfd0 [ 2000.187748][T28577] ? __pfx_io_sq_offload_create+0x10/0x10 [ 2000.193483][T28577] ? io_allocate_scq_urings+0x426/0x640 [ 2000.199047][T28577] io_uring_create+0x792/0x1360 [ 2000.203916][T28577] __se_sys_io_uring_setup+0x2ba/0x330 [ 2000.209387][T28577] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 2000.215423][T28577] ? do_syscall_64+0x100/0x230 [ 2000.220215][T28577] ? do_syscall_64+0xb6/0x230 [ 2000.224897][T28577] do_syscall_64+0xf3/0x230 [ 2000.229410][T28577] ? clear_bhb_loop+0x35/0x90 [ 2000.234108][T28577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2000.240004][T28577] RIP: 0033:0x7f3fcb57def9 [ 2000.244444][T28577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2000.264045][T28577] RSP: 002b:00007f3fcc338fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2000.272470][T28577] RAX: ffffffffffffffda RBX: 00007f3fcb735f80 RCX: 00007f3fcb57def9 [ 2000.280435][T28577] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000007cfc [ 2000.288396][T28577] RBP: 0000000020000080 R08: 0000000000000000 R09: 0000000000000000 [ 2000.296360][T28577] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 2000.304348][T28577] R13: 0000000000000000 R14: 0000000000007cfc R15: 0000000000000000 [ 2000.312325][T28577] [ 2000.315633][T28577] Kernel Offset: disabled [ 2000.319959][T28577] Rebooting in 86400 seconds..