last executing test programs: 13.714332111s ago: executing program 2 (id=1089): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) r1 = socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) syz_usb_connect(0x1, 0x24, &(0x7f0000000540)=ANY=[@ANYRES8=r2, @ANYBLOB="581aa69259bbf83ba15a6146f47a096f2edf88fff812816f00cc3b86268fb6e42571c7e7558a88ae188e2d4fb24c163429dbf72da61a20ffa02332957ff3d9046cabb14a1f46bd0d75d71267b571aedcf9d66cbadfcd4067c4bf27d38b3460f2b09c4b16fc474d9cee0544801b76752e2d8edd57032f1fb3bf86", @ANYRESDEC=0x0], 0x0) getpid() sendmsg$netlink(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="2400000076001f03000000000000000008000000ffffffff0c000d80080003"], 0x24}, {&(0x7f0000000340)=ANY=[@ANYBLOB="240000002700080026bd7000fbdbdf2501000c00400006000000000000008464d62d0e1031edf0c289693f831ce7bb85d7659a329e30491053e12a4871f13be2561d320d391099f7fc1c9aa514f5e57fbe8f6d294c3894ab84e6f79e24c493bca0fd312f942e288f39b6760eb4de57f8dd0bdd3b28b74839130286eae75d80f2d0d0e9eb325c0672869553de4f92b9205cca67adac614fcc2c741328c275ade5a4b144aec290c4939c3c9d97f5a3fe6725eab9dbd2816ab895b2d5e82bae7e0eae3063e15927fe8e4d3a083402e0f3c00d41619165e350a9da5bd10028f3d4e82aef8a01c2896a44afdc4287e9952f0f9fa865b319dafa74ccf832a035c08edcaeadd431dd016d08785b2425588d37d18943b0558c710e49472f0311f966"], 0x24}], 0x2}, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) listen(r0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = socket$inet_tcp(0x2, 0x1, 0x0) prctl$PR_CAPBSET_DROP(0x1c, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) unshare(0x8040080) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) close(r5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f00000000c0)={'veth0_macvtap\x00', @random="22c2930e4b75"}) fcntl$dupfd(r6, 0x0, r5) 10.638618612s ago: executing program 2 (id=1095): socket$inet6_udp(0xa, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x40000, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000240)='bond0\x00', 0x10) bind$inet(r1, &(0x7f0000000080)={0x2, 0xffff, @remote}, 0x10) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) prctl$PR_SCHED_CORE(0x3e, 0xffffffffffffffff, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) syz_open_dev$video(0x0, 0xa7, 0x0) write$tun(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x28) socket$xdp(0x2c, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000f80)=ANY=[@ANYBLOB="18bfffffffffffffff0000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000085000000a000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="9e36d448b388dd965f7a3312779a", 0x0, 0x0, 0xe8030000, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0x40186f40, 0x20000502) 9.494467668s ago: executing program 2 (id=1100): syz_open_dev$usbmon(&(0x7f0000000000), 0x7fffffff, 0x0) r0 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) r3 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x33, 0x19}}]}}]}}, 0x0) syz_usb_control_io$hid(r3, 0x0, &(0x7f0000001380)={0x2c, &(0x7f0000001180)={0x0, 0x0, 0x6, "dee6eb642785"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000980)={0x0, 0x4}, 0xe) shutdown(r4, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r4, 0x84, 0x76, &(0x7f0000000040)={r5}, &(0x7f0000000080)=0x18) 8.124310135s ago: executing program 0 (id=1104): r0 = socket$inet6(0x10, 0x2, 0x0) sendto$inet6(r0, &(0x7f00000002c0)="1c0000001200050f0c1000000049b23e9b200a0008002ec000000001", 0x1c, 0x0, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x48, 0x3, 0x8, 0x201, 0x0, 0x0, {}, [@CTA_TIMEOUT_L3PROTO={0x6}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_DATA={0x24, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_CLOSING={0x8}, @CTA_TIMEOUT_DCCP_RESPOND={0x8}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8}]}]}, 0x48}}, 0x0) 7.866527971s ago: executing program 0 (id=1105): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000007bc0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000002000000003400000008000300", @ANYRES32=r2, @ANYBLOB="14005500f2a061aa1180009b0e07efaadd67505c0a0006000802110000010000050020013f"], 0x4c}}, 0x0) 7.654560813s ago: executing program 3 (id=1071): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@newlink={0x48, 0x10, 0xffffff1f, 0x40000000, 0x3, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @remote}, @IFLA_BR_AGEING_TIME={0x8, 0x9}]}}}]}, 0x48}, 0x1, 0x0, 0x40000000}, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x1, 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000440)=0x10000) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r2, 0x3b89, &(0x7f00000002c0)={0x18, 0x0, r4, r5, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000300)={0x28, 0x0, r5, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f00000000c0)={0x48, 0x2, r5}) 7.639093692s ago: executing program 0 (id=1106): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}, @IFLA_BOND_ACTIVE_SLAVE={0x8, 0x2, r2}]}}}]}, 0x44}}, 0x0) r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x27, 0x48, 0x10, 0x7ca, 0xb808, 0xdb2f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x46, 0x11, 0x3f, 0x6}}]}}]}}, 0x0) r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x7e, 0x9e, 0xb4, 0x10, 0x54c, 0x38, 0x16f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8, 0xc5, 0x38}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000180)={0x2c, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x8, 0x1}, 0x0, 0x0}) r5 = socket$kcm(0x10, 0x3, 0x10) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000042000501"], 0x14}}, 0x0) recvmmsg(r6, &(0x7f0000003a40)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0xffb}], 0x1}}], 0x1, 0x0, 0x0) sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030021000b12d25a80648c2594f90124fc60100c034002000000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000000c0)={0x44, 0x0, &(0x7f0000000240)={0x0, 0xa, 0xffffffffffffff9a}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x25, &(0x7f00000000c0)=0x7a, 0x4) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r8, 0xc008551a, &(0x7f0000005480)=ANY=[]) r9 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) r10 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r10, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r12 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b40)=@newqdisc={0x9c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x89, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}]}]}]}}]}, 0x9c}}, 0x0) syz_usb_control_io$printer(r3, &(0x7f0000002580)={0x14, 0x0, &(0x7f0000002540)={0x0, 0x3, 0x4, @lang_id={0x4}}}, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000003080)={0x1c, &(0x7f0000002f80)={0x0, 0x0, 0x1, "9f"}, 0x0, 0x0}) 6.358678488s ago: executing program 3 (id=1110): openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x141d00, 0x0) sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0xffffffffffffffc3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e22, @local}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) syz_usb_connect$cdc_ncm(0x0, 0xc3, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000020000202505a1a44000010203010902b1000201000000000006240600013b05240000000d240f010000000000000000ff0624"], 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040), 0x4) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000180)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x989, 0x0, 0x4}, 0x9c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x0, 0x20}, 0xc) sendmmsg$inet6(r1, 0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000480)="78a367bd88eb9c7ed48495fc053ac615ff05f8479f142af391181a8b71f5a34a40c6fbf82fc257286f3d0b00b4130c11fdf6164017ebb15987dd0a87a1f48ead3da61d0187e2a314f402acdbe54e520a2ad28992c026c3dea55526f39dc27c67cafa1e4aedb8568c523d1fda22a092688791e96fe9", 0x75}], 0x1) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 6.217887833s ago: executing program 4 (id=1112): syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8002000000000000000100000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 6.078214256s ago: executing program 1 (id=1113): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100000004000100080004"], 0x44}, 0x1, 0x0, 0x4000000}, 0x0) 5.942569411s ago: executing program 4 (id=1114): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000400)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be42", 0x118}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000001080)="63c3b174ab06077f6ee67ac1310d86586b13d2c9e203a9da866b81e20e9fe5c43219396d489c1459ce9cd14fa3b43a0b9b6004118a35444790d7", 0x3a}, {&(0x7f00000003c0)="03d54d843173f8be883a57d9e39cc6c79c415ac50f3e1e9c9373002a5b1918", 0x1f}], 0x2}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000040)="610cb4f6db2105b873df3f7652cc642b85afb69fc18178429903bb6e", 0x1c}, {&(0x7f0000000180)="6fe279d51047ff146af40b78b8d7ae53db8648c2090d72bcfeaf6fabbbfbe8dbc8b8f4cb22ac43d5a0fa87533bb375454751b8dd8aae4808a3", 0x39}, {&(0x7f00000001c0)="6d5edb4b883e266ba8c38aa9d13a78431c9d2cb6d8f4e1e80bb8a936aa105f46c914c46487522bc58054c4b0a523eeda0c76b595b36a515b6d30e34705733bb34bda2f89e92b2a98d2edbcffad9c5ccde0d723423cf07e4ffdbd568d3e263fb3b4086af3f2db1933785e59538bfd61f138ffac9eef7c8b34e4ce506220f43af449d3a72f48d9febe830b04cb3c99425de34cac503014ce74562667d8d6888edcc42f", 0xa2}, {0x0}], 0x4}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000700)="acc841985992b79554acfc02163bb0fb2bb293e68702bb40b6b870bde5700d368744361ae9fce3a4ff6bb3bf10f3485e399c8b59df5b02c5f2702522", 0x3c}, {&(0x7f0000001480)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc487553859348d48e6fc49d81c71590cd542e79648b360230b3b91cc2669e2c691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f0800000000000000f7b51dd5319b8016623d1863d7d77ceefde94faf2e36c3920581691a79a6678db1e5e7fa1ca703ee7aa87272e9c4a1bde5fbc390c7ccb9d3c1020e80bd0659e82d861dc6fe4c62639134c5ed599a1b0cc81b23b7c85adb97f7439d6ef8d81a4bec9f81c1cda55a5852d9794d200e51fe4fd3f64a84db59fb459cc808665c8dcd241146690f33839164f7ffb7fc98d7872c6d65cdb72cd90a31e79c4b13de4188b1693f78b0961bf4cdb9147e69e26ef6575c2e0f69a01dfffee06d820b68f974f873f581ec59196645ab1de9a15e082de3286498f912943040008504bfe654b10507c33c45711cd09cea349caf2d0785d14423dddfea0127dbf78c22dc0001646536ae2275342073c54949eed3dbfa2371fb057bc3f3a9e7e17de4129f6709ca4c71fcc7605e994113f3f56681eeec67fc49a2bd6208ad8d5497b1a5a7c21bedf1e07a074fa12958b4e51e9249e3193e73", 0x1d8}, {&(0x7f0000000940)="5be3b011e12323e4ab88c0472fd012198c3c61bb81e71ba62134303d2db9740143b0374a0d0be875789932cfd4855c4cc243dae723789d8a9a16be3135c5f82691837c90ab19645f7a1dcf1449fd34eecae5f52fba1e89d6d34b39297bbbc258c2ea547d47f2d89ad6e36e737691a1c6bdd164b2a85cbaaf648c910559f53581c60bd6c80f90c75f664e5b285c738881560f8ae89a4943141ac45fb6995cece6a2e0e62bd79213527a11c34a6e89ca41ead3e2589301279d9b0832d0b5a6ebe2cf0cbfa40ab948b0b9efe108aeded8d12388a459", 0xd4}], 0x3}}], 0x4, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 5.850005475s ago: executing program 1 (id=1115): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000100)={{@my=0x1}, @hyper, 0x0, 0x2925, 0x0, 0x20000000, 0x4}) r1 = socket$key(0xf, 0x3, 0x2) fcntl$setsig(r1, 0xa, 0x2a) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) signalfd(r1, &(0x7f0000000000)={[0x4]}, 0x8) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000000440)=""/102391, 0x18ff7}], 0x1, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), r2) sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000010) write$binfmt_script(r5, &(0x7f0000000380)={'#! ', '', [], 0xa, "77eeb0fb8855d6edc36122dc8cfec47481162f2436f8"}, 0x1a) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x10010, r4, 0xf9f99000) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000000000800450000300000000000019078c11e0001ac1414002b00907803000000450000000000000000000000ac1e0001ac1414aa"], 0x0) r6 = dup(r4) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) write$sequencer(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) r8 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r8, &(0x7f0000000280)='7', 0x1, 0x0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r7, 0xae9a) 5.562059234s ago: executing program 4 (id=1116): r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) ustat(0x801, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_BATCH(r2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x480, 0x0, 0xa, 0x148, 0x190, 0x10, 0x3e8, 0x2a8, 0x2a8, 0x3e8, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'syz_tun\x00', 'rose0\x00'}, 0x0, 0x120, 0x190, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'dummy0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@inet=@hashlimit1={{0x58}, {'pim6reg0\x00', {0x0, 0x0, 0x10001, 0x0, 0x8, 0x6, 0xa359e000}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b90ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc0d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'pimreg1\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x258, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve0\x00'}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4e0) sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e00)={0x228, 0x0, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x80, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x5d, 0x3, "a5579cddb1a26248eebde3c5ccb6ace5bd3ccdf8b8a7a317f209792d116577be1c50fa7be223c6cfc7602b9cdabeac408e50fc6238e2344c006d4094d39899f9fcae86e034fcc91915bd6c95ba5b2fb6e96c4021f937f693f6"}]}, @TIPC_NLA_NODE={0x118, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_ID={0xb0, 0x3, "91ebef4bcb4edf633aa88d8f091701b2a41fa8fd0382beed591cef12ffab84f7992c78ee4a2b06ae8e01bf0bffba815aa8e115c1887b08c7fc7e29974992898d405cf015e65ed7bede5cd7a171e8d8a8b03a4c32668d1a235621843b94b2d9fa08d7311a575b125c9df4b8036ff9e987b278126fe8a1b888c51fba07e9dea546cf7afe7099b8f7a51029f847c1ddc53f6783836d60621b8704a4892e94476676ba34838b33527e3c5ba798c8"}, @TIPC_NLA_NODE_ID={0x41, 0x3, "aef568770b0ceb16b7f5db9ea64348427c17ada9c54696dfc39e00b5136721a8ceaf0c8d171d21be8be20e62d1e432ea0c8f91d958172e3825e9204718"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x9}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffffffffffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x401}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xe}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x228}, 0x1, 0x0, 0x0, 0x4004000}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x8}}, {}, [], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x10, 0x4000}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'ip6erspan0\x00'}) openat$hwrng(0xffffffffffffff9c, 0x0, 0x400500, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000017c00000400000014000180080016000000000006000600800a0000080002"], 0x1034}}, 0x7000000) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x7fff, 0x0, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4b0, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x510) syz_open_dev$admmidi(0x0, 0x20, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) 5.461546073s ago: executing program 0 (id=1117): socket$inet6_sctp(0xa, 0x1, 0x84) syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) (async) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x4e, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="580000000267fe9ba685bd872031c18377924cfe9b6d423d06010300000000000000000000000005000400000000000900020073797a31000000000500010007e0ffff130007800800114000000000050015000200000014"], 0x58}, 0x1, 0x0, 0x0, 0x404c091}, 0x84) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 32) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (rerun: 32) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) fcntl$getflags(r1, 0x40a) (async) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x6, 0x0, 0x2a, @dev={0x12}, @mcast2={0xff, 0x3, '\x00', 0xf}, 0x2000, 0xba08}}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) (async) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async, rerun: 32) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket(0x0, 0x0, 0x0) (async) r4 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) socket$inet6_mptcp(0xa, 0x1, 0x106) (async) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) (async) listen(r5, 0x0) (async) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) (async, rerun: 64) r6 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r7, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) (async) socket$inet6_sctp(0xa, 0x0, 0x84) 5.218482808s ago: executing program 2 (id=1118): socket(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000070900030073797a320000000014000480080002400000000008000140000000000900010073797a300000000058000000060a010400000000000000000100000008000b40000000000900010073797a300000000030000480100001800c000100636f756e746572001c0001800a00010071756575650000000c0002800600014000000000140000001100010000000000000000000000000a"], 0xe0}}, 0x0) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000300)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB="0007d1000000"], 0x0, 0x0, 0x0, 0x0}, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r2 = syz_open_dev$sndpcmp(&(0x7f0000000500), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r2, 0xc2604110, &(0x7f0000000000)={0x0, [[0x5, 0x5, 0xfffffffc, 0x0, 0x0, 0x80000000], [0x0, 0x1], [0x7, 0x4, 0x0, 0x0, 0x0, 0x8]], '\x00', [{}, {}, {}, {0x7}], '\x00', 0x0, 0x0, 0x0, 0x2}) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYRES16=r0], 0x9a) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22) socket$inet_tcp(0x2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x1000, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, r3, 0x0, 0x1, 0x4}, 0x48) r4 = getpgid(0xffffffffffffffff) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000020c0)='./file0\x00', 0x0, 0x100) msgctl$IPC_SET(0xffffffffffffffff, 0x1, &(0x7f0000002180)={{0x1, 0xee00, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x0, 0x0, 0x3ff, 0x1, 0x2, 0x9, 0x4, 0x9, 0xe4, 0x9, r4, r4}) r5 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000002240), 0x2, 0x0) write$6lowpan_control(r5, &(0x7f0000002280)='connect aa:aa:aa:aa:aa:11 0', 0x1b) 4.972888122s ago: executing program 0 (id=1119): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000a8f4dd086d0492082a6d0000000109021b0001000000000904"], 0x0) unshare(0x60400) socket(0x40000000015, 0x5, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) r2 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_KEY(r3, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="210500000000000000004a00000008000300", @ANYRES32=r4], 0x28}}, 0x0) read(r2, 0x0, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x10000000000002) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) close(r6) 4.860226616s ago: executing program 1 (id=1120): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtclass={0x48c, 0x28, 0x4, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0xb, 0xe68cae220a3e3d54}, {0xfff1}}, [@tclass_kind_options=@c_taprio={0xb}, @tclass_kind_options=@c_clsact={0xb}, @tclass_kind_options=@c_ingress={0xc}, @tclass_kind_options=@c_htb={{0x8}, {0x408, 0x2, [@TCA_HTB_RTAB={0x404, 0x4, [0x0, 0x80000000, 0x990, 0x8, 0x9, 0x6, 0x5, 0x2, 0x9, 0x3ff, 0xff, 0x0, 0xa1, 0x3, 0x2, 0xd24e, 0x2, 0xc, 0x0, 0x3, 0x2, 0x5, 0xf, 0x0, 0x5, 0xba, 0x8, 0xf3, 0x2, 0x4, 0x458, 0x9, 0x734, 0x1000, 0x9, 0x3, 0x1, 0x1, 0x4, 0x9, 0x8, 0x75e, 0xbf, 0x3, 0x3bcd, 0x9, 0x2fb, 0x3, 0x6, 0x7, 0xffff, 0x10000, 0x8, 0x4, 0xf7, 0x10001, 0xe, 0x4, 0xffff, 0x9, 0x0, 0xfff, 0x0, 0x4, 0xd5f, 0x0, 0x6, 0x0, 0x3, 0x6, 0x2, 0x0, 0xc0000000, 0x5, 0x200, 0x8, 0x1000, 0x0, 0xb3f, 0x7, 0x2, 0x5, 0x1000, 0x2, 0xfffffe01, 0x7fffffff, 0x3, 0x3, 0x1, 0x0, 0x5, 0x8, 0xfffffffe, 0x7, 0x8, 0x8, 0x81, 0x7, 0x8, 0x80000001, 0x5, 0x1, 0x1ff, 0x80000001, 0x2, 0x2, 0x81, 0xff, 0x13e7289a, 0x80000000, 0x0, 0x1, 0x10, 0x2, 0x100, 0x4, 0x0, 0x2, 0x3, 0x846d, 0x7, 0x9, 0x3a, 0xcb5f, 0x7ff, 0x100, 0x5, 0x7, 0x7, 0x6, 0xb4, 0x7fff, 0x3, 0x6, 0x5, 0x67e3, 0x4, 0x8e, 0x1, 0x80, 0x6, 0xbe7f, 0x4, 0x8, 0x9, 0x8, 0x2, 0x7d8, 0x5, 0x0, 0x401, 0x6, 0xd, 0x80000000, 0x9, 0xd5, 0x0, 0x3, 0x101, 0x81, 0xb82, 0xfffff995, 0x401, 0x7, 0x4, 0x9, 0x6, 0x2, 0x4, 0x9, 0x35a5, 0x9, 0x7ff, 0xc2a, 0xe6fd, 0x7, 0x2, 0x9, 0x8, 0x1000, 0x5, 0x7fff, 0x6, 0x7c637be9, 0x1, 0x140000, 0x7, 0x0, 0x3, 0x81, 0x101, 0x1, 0x10001, 0x3, 0x8, 0xe2, 0x0, 0x5, 0xbf, 0x7, 0xb847, 0x44, 0x9, 0x2, 0x0, 0x7, 0xa, 0x4, 0x2, 0x8100, 0x1, 0x6, 0xfffffffa, 0xe0c1, 0x8000, 0x4, 0xbe4, 0x1, 0x9, 0xa48, 0x1, 0x4, 0x5, 0x9, 0x1, 0x7, 0x3, 0x0, 0x9, 0x5, 0x0, 0x2, 0xff, 0x10, 0xd3a, 0x8b, 0xf, 0xfffeffff, 0x3, 0x3b4, 0x10, 0x2, 0x8, 0x8, 0x0, 0x9bb5, 0x10, 0x9, 0xfff, 0x101, 0x81, 0x80000000, 0x8000, 0x3, 0x8, 0x9]}]}}, @tclass_kind_options=@c_sfb={0x8}, @TCA_RATE={0x6}, @tclass_kind_options=@c_tbf={0x8}, @tclass_kind_options=@c_fq_codel={0xd}, @tclass_kind_options=@c_mqprio={0xb}]}, 0x48c}}, 0x1) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 4.589554005s ago: executing program 1 (id=1121): r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) ustat(0x801, &(0x7f0000000300)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_BATCH(r2, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000500)=@raw={'raw\x00', 0x8, 0x3, 0x480, 0x0, 0xa, 0x148, 0x190, 0x10, 0x3e8, 0x2a8, 0x2a8, 0x3e8, 0x2a8, 0x3, 0x0, {[{{@ip={@rand_addr, @multicast1, 0x0, 0x0, 'syz_tun\x00', 'rose0\x00'}, 0x0, 0x120, 0x190, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'dummy0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x7}}}, @common=@inet=@hashlimit1={{0x58}, {'pim6reg0\x00', {0x0, 0x0, 0x10001, 0x0, 0x8, 0x6, 0xa359e000}}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "f2f7b90ad2b60c45cb4ea6e7bf902bdc2ff8a9304d9f655c746adc0bdc773506378bc0d27efd6abb05175089830cc46186074d7de46d5af300"}}}, {{@ip={@empty, @multicast2, 0x0, 0x0, 'pimreg1\x00', 'veth0_to_team\x00'}, 0x0, 0x1f0, 0x258, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'geneve0\x00'}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz1\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4e0) sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000e00)={0x224, 0x0, 0x800, 0x70bd2a, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x80, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x5d, 0x3, "a5579cddb1a26248eebde3c5ccb6ace5bd3ccdf8b8a7a317f209792d116577be1c50fa7be223c6cfc7602b9cdabeac408e50fc6238e2344c006d4094d39899f9fcae86e034fcc91915bd6c95ba5b2fb6e96c4021f937f693f6"}]}, @TIPC_NLA_NODE={0x114, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x5}, @TIPC_NLA_NODE_ID={0x4}, @TIPC_NLA_NODE_ID={0xb0, 0x3, "91ebef4bcb4edf633aa88d8f091701b2a41fa8fd0382beed591cef12ffab84f7992c78ee4a2b06ae8e01bf0bffba815aa8e115c1887b08c7fc7e29974992898d405cf015e65ed7bede5cd7a171e8d8a8b03a4c32668d1a235621843b94b2d9fa08d7311a575b125c9df4b8036ff9e987b278126fe8a1b888c51fba07e9dea546cf7afe7099b8f7a51029f847c1ddc53f6783836d60621b8704a4892e94476676ba34838b33527e3c5ba798c8"}, @TIPC_NLA_NODE_ID={0x41, 0x3, "aef568770b0ceb16b7f5db9ea64348427c17ada9c54696dfc39e00b5136721a8ceaf0c8d171d21be8be20e62d1e432ea0c8f91d958172e3825e9204718"}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x9}, @TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x1}]}, @TIPC_NLA_NET={0x30, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7fffffffffffffff}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x401}]}, @TIPC_NLA_NODE={0xc, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xe}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0x8, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x224}, 0x1, 0x0, 0x0, 0x4004000}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x8}}, {}, [], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x10, 0x4000}, {0x6, 0x0, 0x5, 0x8}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'ip6erspan0\x00'}) openat$hwrng(0xffffffffffffff9c, 0x0, 0x400500, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="341000003b0007010000000000000000017c00000400000014000180080016000003000006000600800a0000080002"], 0x1034}}, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x7fff, 0x0, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4b0, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x2f8, 0x360, 0x1c, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip6gretap0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0xffffffff, 0x8}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x19, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x70, 0xb8}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x510) syz_open_dev$admmidi(0x0, 0x20, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) 3.754534908s ago: executing program 4 (id=1122): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000202505a8a440000102030109021b00010100000009040000010701010009050102"], 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000b40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x20, 0x0, 0x1}}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000006480)={0x2020}, 0x2020) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, 0xffffffffffffffff, 0x0, 0xa0028000}, 0x38) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_io_uring_setup(0x4ea1, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000080), &(0x7f00000000c0)=0x0) syz_io_uring_setup(0x5de, &(0x7f0000000200), &(0x7f0000000940)=0x0, 0x0) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x20) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) r6 = epoll_create1(0x0) r7 = eventfd(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000004c0)={0x80000007}) epoll_pwait(r6, &(0x7f0000000340)=[{}], 0x1, 0x0, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)={0x2c, 0x1, 0x1, 0xf03, 0x0, 0x0, {}, [@CTA_TUPLE_REPLY={0x4}, @CTA_MARK={0x8}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x140}]}]}, 0x2c}}, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x5c1341, 0x0) 3.656344445s ago: executing program 2 (id=1123): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1}) r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000202505a8a440000102030109021b00010100000009040000010701010009050102"], 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000b40)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x20, 0x0, 0x1}}) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000006480)={0x2020}, 0x2020) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, 0xffffffffffffffff, 0x0, 0xa0028000}, 0x38) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_io_uring_setup(0x4ea1, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000080), &(0x7f00000000c0)=0x0) syz_io_uring_setup(0x5de, &(0x7f0000000200), &(0x7f0000000940)=0x0, 0x0) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r3}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x20) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) r6 = epoll_create1(0x0) r7 = eventfd(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r7, &(0x7f00000004c0)={0x80000007}) epoll_pwait(r6, &(0x7f0000000340)=[{}], 0x1, 0x0, 0x0, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r8, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)={0x2c, 0x1, 0x1, 0xf03, 0x0, 0x0, {}, [@CTA_TUPLE_REPLY={0x4}, @CTA_MARK={0x8}, @CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x140}]}]}, 0x2c}}, 0x0) close(r0) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x5c1341, 0x0) 3.094053668s ago: executing program 3 (id=1124): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {0x0, 0x40000000}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x20, 0x0, 0x1, 0x0, 0x0, 0x4}) (fail_nth: 2) 2.222731708s ago: executing program 3 (id=1125): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmsg$can_j1939(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)=""/112, 0x70}, {&(0x7f0000000100)=""/72, 0x48}, {&(0x7f0000000180)=""/230, 0xe6}, {&(0x7f0000000280)=""/51, 0x33}, {&(0x7f00000004c0)=""/174, 0xae}, {&(0x7f0000000680)=""/224, 0xe0}, {&(0x7f0000000780)=""/252, 0xfc}], 0x7}, 0x10000) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000001800)={0x0, 0x0, &(0x7f00000017c0)={&(0x7f0000000880)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB="54ac3ae9b043eec1e9d4b550e90f9deb0f0891f499f8b2d1125a6a3491e32c2bd386ece859a61e858e0c0000ce2f3d9dd0f04471fc050e07111c78dadc7f3fe156d60c097cfc80d9962f9ac90e000000"], 0x12f4}}, 0x0) recvmmsg(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)=""/216, 0xd8}], 0x1}, 0x7}, {{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000022c0)=""/4085, 0xff5}], 0x1}, 0xb64d}], 0x2, 0x2101, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vcan0\x00'}) 2.066753886s ago: executing program 1 (id=1126): openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x0, 0x7}}, 0x14) r0 = syz_io_uring_setup(0x2705, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000001440)) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x9, 0x10000, 0x2, 0x709, 0x80, 0x1, 0xc26, '\x00', 0x0, r2, 0x2, 0x1, 0x1}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x28, 0x0, &(0x7f00000006c0)="e000000000000107ff82762f86dd1f1fba2dff09007ad265128380cf53be2749249d7687a200c778", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc}, 0x50) connect$inet6(r2, &(0x7f0000000300)={0xa, 0x4e21, 0x1, @empty, 0x5}, 0x1c) bpf$ENABLE_STATS(0x20, &(0x7f00000000c0), 0x4) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) r3 = syz_open_dev$loop(0x0, 0x3, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000280)={'\x00', 0x11, 0x8, 0x401}) r4 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x12, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0}, 0x90) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r4, 0x1276, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x41, 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="01000000000000000000050000000500020003000000600103800400010008000200000000002a00050000b080ac29824f467e9decc090f8baf0fe4460d8c2722ae5e0e7b86b8dcd92dd59a4e9b26f4e000008000200010000000800020005000000300003801c000180090002003a292c2d00000000040003000800010003000000100001800c000200657468746f6f6c00e4000380340001800f0002002f6465762f6877726e670000080001000500000004000300040003000800010009000000080001000800000030000180090002003a292c2d0000000008000100ed430000040003000b0002002a5e7d5d2d2800000400030004000300540001800f0002002b8f29265e2b2d272f2e00003500020000c5f2371332795050fa74ba3eab9fb115d11765d0f66eccbc3292e0baa8c7fc27a97604b8486aaed05d9f10986b2ed17a0000000800010006000000280001800b000200b6b67d5c212c00000b000200287b4c23285c0000090002000f5dc22300000000"], 0x17c}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 1.942475537s ago: executing program 3 (id=1127): openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket(0x2, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0x14, 0x13, 0x0, {0x0, 0x0, 0x7}}, 0x14) r0 = syz_io_uring_setup(0x2705, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000480), &(0x7f0000001440)) r1 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x18, 0x20000000, r1) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x9, 0x10000, 0x2, 0x709, 0x80, 0x1, 0xc26, '\x00', 0x0, r2, 0x2, 0x1, 0x1}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x28, 0x0, &(0x7f00000006c0)="e000000000000107ff82762f86dd1f1fba2dff09007ad265128380cf53be2749249d7687a200c778", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffc}, 0x50) connect$inet6(r2, &(0x7f0000000300)={0xa, 0x4e21, 0x1, @empty, 0x5}, 0x1c) bpf$ENABLE_STATS(0x20, &(0x7f00000000c0), 0x4) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, 0x0) r3 = syz_open_dev$loop(0x0, 0x3, 0x0) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000280)={'\x00', 0x11, 0x8, 0x401}) r4 = syz_open_dev$loop(&(0x7f0000000000), 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x0, 0x12, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], 0x0}, 0x90) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) ioctl$BLKTRACETEARDOWN(r4, 0x1276, 0x0) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x41, 0x1, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="01000000000000000000050000000500020003000000600103800400010008000200000000002a00050000b080ac29824f467e9decc090f8baf0fe4460d8c2722ae5e0e7b86b8dcd92dd59a4e9b26f4e000008000200010000000800020005000000300003801c000180090002003a292c2d00000000040003000800010003000000100001800c000200657468746f6f6c00e4000380340001800f0002002f6465762f6877726e670000080001000500000004000300040003000800010009000000080001000800000030000180090002003a292c2d0000000008000100ed430000040003000b0002002a5e7d5d2d2800000400030004000300540001800f0002002b8f29265e2b2d272f2e00003500020000c5f2371332795050fa74ba3eab9fb115d11765d0f66eccbc3292e0baa8c7fc27a97604b8486aaed05d9f10986b2ed17a0000000800010006000000280001800b000200b6b67d5c212c00000b000200287b4c23285c0000090002000f5dc22300000000"], 0x17c}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), &(0x7f0000000280)=0x5) 1.678884731s ago: executing program 0 (id=1128): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a00009040000010301010009210008000122030009", @ANYRES64], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000001180)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001300)={0x2c, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000680)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='@0J'], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000001100)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="22000004000000da37"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.018595136s ago: executing program 1 (id=1129): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f00000000c0)=0x100000, 0x4) (async) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000100), &(0x7f0000000140)=0x2f) (async) symlinkat(&(0x7f0000000100)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000001740)='./file0\x00') (async) r1 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000080)='./file0/file0\x00', 0x20000, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d6f64acce8346da303098e7ef11988fe300fb330530cb302c757365725f69643d0000000000000800000000000000000ae9a03b443af41cd97a4087abae6276e9cca7c21eac23d9cf34a5fa58657a910dec34806a6896a0548f5858034884dbb5696bfd8732a0cce686a562179f1775f07f471746b29a548589350a365d603c88e5d678e6b162289ea32ad6215a62fca82909d6981e2dad141e678f742390c8dcb6ecb88779f4ba66d8f45d368cbea9edeaf53b03fa30edcd0e42fe23c7b010904ec10fc6a353238bc377a15e5a087df954990e213adb4b9e10ff03338c4bfa36167f8aede2750f44eb677a33809674f395960a9e94aead68592be127a806a4d3cc34a1ff0ee2e532fe5d55d4cf6529549df25e72887cf4f8f0c529f3de6edd093cf8c7d6ef5125e6c3373cd66d7ce13e5f8d831c7df5f1a3fedf84f79af9d23c6ad990ec74c2a98096ee0ddb0eba359136e0e8c2fbfddd4c00adadfc287d643f58ca0796441848255d73303892c8818eeab753d2b3c08ec4c39db076251a566f74caa5c8dd68af6524d495", @ANYRESDEC, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',blksize=0x0000000000001000,max_read=0x0000000000000006,blksize=0x0000000000000800,default_permissions,blksize=0x0000000000000800,max_read=0x0000000000000004,mask=^MAY_EXEC,fsmagic=0x0000000000000003,obj_type=,\x00'], 0x1, 0x0, &(0x7f00000002c0)="1c909d11f9b979741bd323f87c5a5a547a5c24ebfd7b85fbf42149c5f0fa24d185f516d8596946eef17d1e55a305f9fa7a133f7b6fd94f55deef39e52bc068ae8632def97d3684302d2af5064300ea65ce224d368518d84e8c18b6c78d90a7445589a4c37d91217545e13fdfce0d635da6f1a3d187f7c124410297b4dcaaa9e64c36157497cfe7f6df57e94cc6533e56ecc0234f53ac684c95fc95a5e3878c8ad69f07c37132177b4965607b17eb655772be8e5166c4") openat(r1, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xc) (async) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 1.015836626s ago: executing program 3 (id=1130): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, &(0x7f00000002c0)={'sit0\x00', &(0x7f0000000140)=@ethtool_cmd={0x0, 0x0, 0x3, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x45}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002ac0)=@delchain={0x108, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_route={{0xa}, {0xc8, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_IIF={0x8}, @TCA_ROUTE4_ACT={0xac, 0x6, [@m_nat={0x7c, 0x0, 0x0, 0x0, {{0x8}, {0x54, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffd}, @rand_addr, @loopback}}, @TCA_NAT_PARMS={0x28, 0x1, {{}, @rand_addr, @broadcast}}]}, {0x4}, {0xc}, {0xc}}}, @m_bpf={0x2c, 0x1e, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x108}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000001240)={@host}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000040)={@host}) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x229, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f0000000140)={&(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24e, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x26f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffed6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], 0x1, 0x400}) r2 = socket(0x11, 0xa, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000080)={'ip6tnl0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, @ipv4={'\x00', '\xff\xff', @multicast2}, @mcast2={0xff, 0x5}, 0x0, 0x0, 0x0, 0x3}}) r3 = socket(0x10, 0x803, 0x0) sendto(r3, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x4f}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x140, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000fc38264e4d40587a050fbe4c3d370a9923f24778592bc971ca5a8ecdccd8d4cd3190364cd8f877552eed111931c16d02121707fd9dc71694055685b9c5ca169c8d61d48806f8234ecac7614a6747945fdce481e29a959a19bba0149736229b925acb9191a96378da5fec9feca67da0908af1e5204be6744ea47ddd9db12aed2fe9b656c64488451ad2043ec03ad96050778b8932c10262e4390b492fa3f2e0b40cfd67c186d540e3a804b766633f71337ddc2ea620f302b940c685162ce75cfa904ae9c7faa7c434250e92a4e6390ebe0b469a9c99eb81ff40c91d0a1a996deecc3143a4eedd8a21622d80c21d67c1e1db77bef960627e275b50fc0d96eda04d2682771f06a6f94fc1958a8944d172832ce5c1", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'veth1_to_team\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x1c, 0x2, @TCA_SFB_PARMS={0x28}}}]}, 0x58}}, 0x0) r8 = socket$kcm(0x21, 0x0, 0xa) sendmsg$kcm(r8, &(0x7f0000000080)={&(0x7f0000000100)=@rxrpc=@in4={0x21, 0x0, 0x2, 0xfffffd9d, {0x2, 0x0, @private}}, 0x80, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000eb8150f103f36ae593000065000000000023a523b42b496cf500"], 0x18}, 0x20000000) 186.696916ms ago: executing program 4 (id=1131): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtclass={0x48c, 0x28, 0x4, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0xb, 0xe68cae220a3e3d54}, {0xfff1}}, [@tclass_kind_options=@c_taprio={0xb}, @tclass_kind_options=@c_clsact={0xb}, @tclass_kind_options=@c_ingress={0xc}, @tclass_kind_options=@c_htb={{0x8}, {0x408, 0x2, [@TCA_HTB_RTAB={0x404, 0x4, [0x0, 0x80000000, 0x990, 0x8, 0x9, 0x6, 0x5, 0x2, 0x9, 0x3ff, 0xff, 0x0, 0xa1, 0x3, 0x2, 0xd24e, 0x2, 0xc, 0x0, 0x3, 0x2, 0x5, 0xf, 0x0, 0x5, 0xba, 0x8, 0xf3, 0x2, 0x4, 0x458, 0x9, 0x734, 0x1000, 0x9, 0x3, 0x1, 0x1, 0x4, 0x9, 0x8, 0x75e, 0xbf, 0x3, 0x3bcd, 0x9, 0x2fb, 0x3, 0x6, 0x7, 0xffff, 0x10000, 0x8, 0x4, 0xf7, 0x10001, 0xe, 0x4, 0xffff, 0x9, 0x0, 0xfff, 0x0, 0x4, 0xd5f, 0x0, 0x6, 0x0, 0x3, 0x6, 0x2, 0x0, 0xc0000000, 0x5, 0x200, 0x8, 0x1000, 0x0, 0xb3f, 0x7, 0x2, 0x5, 0x1000, 0x2, 0xfffffe01, 0x7fffffff, 0x3, 0x3, 0x1, 0x0, 0x5, 0x8, 0xfffffffe, 0x7, 0x8, 0x8, 0x81, 0x7, 0x8, 0x80000001, 0x5, 0x1, 0x1ff, 0x80000001, 0x2, 0x2, 0x81, 0xff, 0x13e7289a, 0x80000000, 0x0, 0x1, 0x10, 0x2, 0x100, 0x4, 0x0, 0x2, 0x3, 0x846d, 0x7, 0x9, 0x3a, 0xcb5f, 0x7ff, 0x100, 0x5, 0x7, 0x7, 0x6, 0xb4, 0x7fff, 0x3, 0x6, 0x5, 0x67e3, 0x4, 0x8e, 0x1, 0x80, 0x6, 0xbe7f, 0x4, 0x8, 0x9, 0x8, 0x2, 0x7d8, 0x5, 0x0, 0x401, 0x6, 0xd, 0x80000000, 0x9, 0xd5, 0x0, 0x3, 0x101, 0x81, 0xb82, 0xfffff995, 0x401, 0x7, 0x4, 0x9, 0x6, 0x2, 0x4, 0x9, 0x35a5, 0x9, 0x7ff, 0xc2a, 0xe6fd, 0x7, 0x2, 0x9, 0x8, 0x1000, 0x5, 0x7fff, 0x6, 0x7c637be9, 0x1, 0x140000, 0x7, 0x0, 0x3, 0x81, 0x101, 0x1, 0x10001, 0x3, 0x8, 0xe2, 0x0, 0x5, 0xbf, 0x7, 0xb847, 0x44, 0x9, 0x2, 0x0, 0x7, 0xa, 0x4, 0x2, 0x8100, 0x1, 0x6, 0xfffffffa, 0xe0c1, 0x8000, 0x4, 0xbe4, 0x1, 0x9, 0xa48, 0x1, 0x4, 0x5, 0x9, 0x1, 0x7, 0x3, 0x0, 0x9, 0x5, 0x0, 0x2, 0xff, 0x10, 0xd3a, 0x8b, 0xf, 0xfffeffff, 0x3, 0x3b4, 0x10, 0x2, 0x8, 0x8, 0x0, 0x9bb5, 0x10, 0x9, 0xfff, 0x101, 0x81, 0x80000000, 0x8000, 0x3, 0x8, 0x9]}]}}, @tclass_kind_options=@c_sfb={0x8}, @TCA_RATE={0x6}, @tclass_kind_options=@c_tbf={0x8}, @tclass_kind_options=@c_fq_codel={0xd}, @tclass_kind_options=@c_mqprio={0xb}]}, 0x48c}}, 0x1) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 102.001073ms ago: executing program 2 (id=1132): socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xf, &(0x7f0000000240)=ANY=[], 0x0, 0xc, 0x100b, &(0x7f0000001e40)=""/4107}, 0x90) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f0000000640)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x17, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x7e, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x8]}, @generic={0x94, 0xd, "ef731a46d573ccaab38cab"}, @noop, @noop, @generic={0x44, 0xf, "a53688f5220d79bbf6544620c4"}, @lsrr={0x83, 0xb, 0x39, [@private, @empty]}]}}}}}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(r4, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_udp(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team_slave_1\x00'}) write$binfmt_misc(r6, &(0x7f0000000000)=ANY=[], 0xfffffecc) splice(r5, 0x0, r7, 0x0, 0x8f8, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) r9 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r9, 0xc0d05640, &(0x7f0000000440)={0x1, @pix_mp={0x77, 0x0, 0x47425247}}) r10 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_UPDATE_FT_IES(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x2c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MDID={0x6}, @NL80211_ATTR_MDID={0x6}]}, 0x2c}}, 0x0) r11 = dup(r3) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r12, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000001000000000000000a20000000000a05000000000000000000010000000900010073797a300000000048000000030a05020000000000000000010000000900030073797a320000000014000480080002400000000008000140000000000900010073797a3000000000080007006e6174003c000000060a01040000000000"], 0xcc}}, 0x0) 0s ago: executing program 4 (id=1133): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c) sendto$inet6(r1, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x73) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000580)={0x41}, 0xe) recvmmsg(r1, &(0x7f00000007c0), 0x10, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r5], 0x38}}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001dc0)={0x1f0, r6, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME={0x1bb, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {}, @device_b, @broadcast, @from_mac=@device_b, {0xb, 0xff9}, @value=@ver_80211n={0x0, 0x3584, 0x2, 0x0, 0x0, 0x1, 0x1}}, 0x7124, 0x8, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x5, [{0x1b, 0x1}, {0x5}, {0x12, 0x1}, {0x60, 0x1}, {0x60, 0x1}]}, @void, [{0xdd, 0x5e, "a1a51fdd868e7e520a46ef8332828070ee9e40854f2af90f264277531bd68c0fdeacb9b5d28e81b4a9a5bc2118cf6f525a7d9249d888b9f5fd12ffd1629b7d036ae01a433afe0b2846eeaf1f72433062e13b5999e62c59c695272a83ae52"}, {0xdd, 0xd4, "b624305579deaa5f95355c8cac5bbd67b2463fdf91b867f5dc79d6dafe3c5495898ee4f9bdfb66c3296942328c637b37a296e5b9eb2e272486f08af08f231336e7eef29ec09cb620a2cbfd37382ca47a36d45c9bf142253533134437572e00d7ca823d1dca7aed1688068f789ba72457a4515b0f018a8b87b7be6ac519fd04148a8bacbdb81c642087ac6751c9c38b3655f2b05de0541da8cb573d60fbc56d28a496720d4f33dd0211c7128bbe352cc9692480585cb62495ece9a6134b3986e2c7b580a453831024462f3c9cb33f2e9838a6ee60"}, {0xdd, 0x50, "20c7fd3d639727c9f20378e59c74a43e808c5df68bb672c65343ba2838373f1ed0d2d566b90fb1a098056282ed1030b6b419465e32ef11efeed88db1b2221e1f11adbc5b4f4123020c2094bdb2ec0506"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7eb}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x4f}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x44}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="300000002000010000000000fedbdf250200000000000000000000000c00144000000000000000110500160073000000"], 0x30}, 0x1, 0x0, 0x0, 0x6000011}, 0x24008884) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r10 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r10, 0x6, 0x19, &(0x7f0000000000)=0x800, 0x4) sendmmsg$inet6(r0, &(0x7f0000000880)=[{{&(0x7f00000003c0)={0xa, 0x4e23, 0x9, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xfffffffa}, 0x1c, &(0x7f0000001bc0)=[{&(0x7f0000000940)="c5f8b3862b0bb039663dd71fbc37c7fc307a7690fe68cae2628e91a3ca4a20dd5aaf3f64b5bf5844e0a5ec02b4173d27d42682721737693ab90724ada6cd1ce5f8dcf6fdc28705c94102f5283ec53020d234f9792fc84462e51db5cdc57a6af60b6c25492766a78384e293d91a169e16bed18acfd25132bd25f8ccdaae0a33777b42ba2cba4cc7ac293de2e7738ae083d0ea669a50b3d4fdb5dbfa3f29917b1e5829d002c0a8ee49ade70da6abf44fb65ac3f006f33723ca5ee3f98fbb7ec77baf47759042c48f0f492c1539223d44a255d1f13060f161d06db846579f7c80cc6fbb8807fcd92b6ca5eec9027db5df1902cbe02752f3be267dc355c3e04e043e647211ad3fec9f6bbc1a7e3fc020e5e46f8fc63d74c539e416e2b45d3acdb69a4d975e42d0f901dd7efa546a2582265be7d6370a75251ec48fd5813b2b0f7769e5b3d593f4eb851b46c7803b90ffb1bcebbb65b040d6cccfdcc340e75e3c4b211d2264f30f6691ec3d2f5aee9aec5c5bcad476bb90c5af13731612a24f2d2609df0f27e80609f433d94098e3a50d23d39abac8d7eaa1b7e537734547879faa10e1b89013c74fb3e5520a55f2b73341775deb46dc9149900705ad0ff04e75ea8079bef563487d283f58e6fefe286794c5defa5ac2511d0df63426daa186b15a67436f9c797fbbf8d6bb609baba1c427b7df0cec97a595ddfab46f2978e1b814605b3db3103c928a78935f4cea14fe223b3175f71ff150ac4299b8b01dcc85f2bc0fc5dfa1c4fa34f636e703512ea1aed3ad5bba0623518ed8bbdd375f0b2a7023f7b277e13be2af905028c10124d04f961144fce8a6211b599e58fad36be4e777b49e4291bcf10f320db3e3fd1f25397c9b94b3625cd949f37aced32439bbcab60a0a382b7be90990b95f18c7b98d54fb2f61813f1f6f43ae3afdee3fb1c1f21baf91b88b5ff06af9e72d9c830cb7bf7d44da32c0dc0bb2980208d71b6c22294ce482346d4238cc14e999872907ed8ca951048ec7b47a3b4d3725c0ad095bdf10089826150e19c93634160e4e2c67352a52aa09ed2d53b9aeb2b5a0c43d1ce380e0af0fad3f93df8be2c215d46d306f6e234b43a648605de85b8dee0768db79d283a70639e48060f56faff2d35a1028488e00f63f9326cba1af7d3fa3cdae6d1e8f3562b6df4fbe34c785dfb514ea4472eed7dacad4fa082c54a6eca250280eb40823f23bd5458cd7731d98baf451c857067adcb756f6d62614c2111dcad5c08613fad6835b5eb7c7edce39f9a75f16b28c4114ad5099ad98653b9a44d630f73aaf05f4752aa58b8a75ba397e3f637dded61542f9612bc047bd2815fac058d9dd9fa8ce41276df7efc85cf67208c87df3215a3ec533f24c3f2afc3bd7572ef66bb879ec94d0a9ae148ed00966ba2c2f7acad16f11b6c6fe01aa795d95edd67716e2e2bed03ce0380bb808a757f87e94416b278ca1f6d09ae439f1b2644a58b1e92d19af8c24719fb5ce5a8b166ffca157ccde6a5756f177941c49517885b4786bb72b7976fb8bfc86024b29e167f5664c2b7ccd084bbd4972a3f0fdc16d294a9fb0a1e8165c5f729c8ca09001a0726340290043e38c81882690243a6440e70ed81de61ca1b18bed0d0e181340be79a96de1cd01fad5ea3673a4252d442318830e650423508f002afec1273cbe1426c7087fabee9b9746fe2ae2708ea56326da327d19a6ffea715dcdfaa0263420fad47571520b2a1b706172bd9b812f2dd37f88fd5985baae3c82069e43c3f464ab2a26cd3ab80c031457e8127d10ba27ac48df0c825cce0121bfe62f46fd6a4dac53bcf115a39adbef783b139023147921cb78c4a095cfd9c2e5847dc01bba51d60103edbbe064075fbfd7db8f0795724f0ca9eff3f379702028abab2a977de0badeca16c018a7c9b43aae3ca21066fd4b7547fc3a290d9b2b492b35b9c56bf1dd986eebf4483176b947ce297aa8f8dc1a45e7e72f392764ed76f7d683f89475682f9dd81325afc77c2c9c8a4dbbe1ef2c9738a34483e149931ffdf884db422e678b72e63fcef84a982d7ea4aec98de722dacf2c71e7c3e0241e72477a2b82f62c7de1ad5ad0fdf6c09771900bbdf00ae080e77048d66789d3384f41f695298f44850cca1207d6545cd5e84138879a255be6d92bc1b0e3b18e9ecda34bfb4f1da58b1ff54e7bbef9c1687c0e4440bdc2268af364c056ca08d3de419809032cddf615ecd20366c8c226021080b89872e84842b97dda4fb10db5744ea7e4f5c1c2a1c9d77b5f04aa3f6f21d32409c0855357d1c1add490558702c0f3b7e3fa08e5928de16e89db20dd360f821de81e10c3a3c6c5879a816ca3166f1628b49018f57e7211c551879019db81934127fc7d48eed4e6c8528a213bc3032fe7b32e23d65579c3b5704ccf9e9306c3eef645486c79073c14ce562a57bd34b91e34af6a004b6303d06f557444684baf9682df6b6905059ac7c9fb8188e3cda58aa34c7c6ab34d62b47142ab51bf46dd756f3bb8411252ea10ed6297d67e5a970f7ef79cc0ec646585195c482ab0b8813d31f05f75f7d808389b4e662f578f621c347960b7969cfc4670eb723b69459cdd193931ff5c7f124658bd1505452ca05344adfd1e136e0ff335e653c5659d87cbb79f1d6e0a81d55ad72d05cbfe55511921730e32a713c2d7516e6c44003dd384daf7732ab00a51810358b5e3c3bb8d4338a270e6c4a7b48168fe88cc62ed4aa62f4a026701286205b8cbf7b042872dbdd8a4dc3827b9eaa7e1f953d575723fd1f7192c6e4b9c76fdde7ee8fae8bf3b7cb461372604e8f3315c00cce49f8b5d33c72c8c8545324a330997ba61bb6022328e1655d499a2ddaeec79c2feb58058f345853ba802ecf1a738528b3e70bd3e6150b26920cc85382adfe5ad2f03fcfe45d90bdfbf9abc90d76ddd3d6d482200fc68b3e78cf2d8856308994426c7c91f6eda258340387d0c441dd7744573b887937242c875856949254e2e1171da2d6dd9dbded25804ec9ad0a41997e1643241d3c706bcc3f92a7624d59627c7337a64955adf3535bc9b78832e1b76402341d5dd8707d56a3f9ddd54e8cc1adbe5d33c46dbab8bb8287d248ed1190c3e40b0942f9cf00ca430d9a3c109620a66d215ac367e5ef83309e967be3836815695692923cc00febefc2d0bffd9ff5b1f0a6bdc239bc424dbedc9708eb2c8a3e353b6b312c4df210bf757f79cba9ab196e34ea1492e0c5f44a8806a30380eb48602e5680b21685c9022c5a162f407f11f4533ac35a7981ee32809990780093d6b63bc1b33f5440b2b229d8c002ce222a6b8f8b982dcd41dec918d9f4e5e8a2127f46c53c3ba568f378e9b317d86c829338b502df6ce2a84dbc7707a3688e5048fcb713debd0789ebfbd6a72b42dec43479ae66f72c4267cb49b026212723cc57e569696980ebb97ccd1b8e2e86ea056e086c01eef16b80631ea52e43512fdd15f07862780f3d8c99e2737715a7524df71dcc87b4cceb95f172606337aef0f2e08bc232fceaa8c90a047ccc0b82da57b819469ed041b3f2aafc94dae0f578ee21fdb97ae14c50babe982a14bd88d3b9506d09d5ce25cc6472333595cb067b24bf31d100c7aed0b4487fe92274c2a8ce32af941b660254dd7a82d98c280e0dc02d9de80b06096debe22cb1c3af6074deddcf6c1f0e26082c9515d6dd19697e643dd06da2a479832a8b68e6f3b8cc72189d7a84d5f9848f5ff9123804369cf120799f1cab27da8384b5060009b591c3515088bcab717f7b037387c4e41df916a598c6a9ae2d826abb26f8d20666babb7638d47760570be92fbd049ddfcffc0e2e5ca980d539031de2d8c9b33773264236eab8d755f025fc631ce8bc10815730d0644a41d9b42538a7c59419c2a091116d6628220b989ade0c24c3bbf4feed3a3e59fc36a46740cf0aa694da7a296db726ac7f217dd8ac051c3d466a6301cf2997ad5b765cdf8d3696b77fdd61a651372191e09c9478bd8e63e4d7165516082ace2799323648260240cd3d538979c7f3cfc0c45baa34c25bbbaabec3caaecbeab304193aad3b4c2828dc1a8550a8b30487d272ca8245953f8765136f99f739a7ca78bbc10588101a5862156c5e23771c0314ccd9dff5916c71b7459f9071b635aa078c4a7fead5b03db5ad6084e6ec1b3101284231cbfad449843fc2d6fc4f5cddf57f99a39c0c74ec98a6b7b5a83c7e916711ac60422bbb6baf5fd156aff1768b23a1dca61307afd86ef38fd763602b755a02a13905f69cf3f185ca4ae9d45d7942df919b9c84545ac93051da8bd8f2a846b5fe2595d2d132294bc31ddb493acd1724d1998d16389f0eb0cd800a540d10b569e32b19bb23381917e30510975417ad5413997f1176886861a311d7e05fe2e76e380287fc28ad3d6218347ef2b625bd7a4f4cf6957d0a43c4d3715372754b201dff08d307b09a5c01a0505723d7c3c9a3739221264987f74e45e45ca007ea6a1cc73707ecfd94db3ba1946c314739a0fcc7efe9638d5eae79094f00f695137973ab58a5e2f255439c7a79fe655059117edaf6bb5f156fb26b238ba37e57fa487a4593382b5c7e0ed0aafe52a95cf82083bcd44ac5a07071af5986f87352c703e04d5e158e0b236023d7add07a05b44bf3b0decb60b1c3ecc38c20f5a54a864dca4fe8a775a4015f570011c68a074f51c78b2738b3c5b9fbdc8346341d702585ee7ad1cf79895577bad14ee74b24615af74397504262f8cc32ea83962204ba3fdf5fbc345d1d9b5c2466920f122ea9df1e029f5346f6df4217dc41a236195294eee827e8fbb1ba40be27e5307d1a2296967ace8609ae681a397356b18e4579a45647ec4fbf8a3e6f0d935bec876e2f83ac431f6d0a3dbad22ec51b5c6ff1080dfca70ca2452f281d6243a80aebb9a92ca410d694de0bde6fd8ed233d02fd22cbdbf1108bfae67a7312052ac54b38d0a6197fddb35273ce937b2ede656ebc71b50a53b265a74767b6114fdb4d2e1d6a535e602823d5cbb0c0d0b8ce89fbbb16dc9e258cc9afaa3603bf9a886052733005d77debe52c623cb8171cb85e451b6e510e37cd42f41f6509cd232337aa98a3c762948dd97f51f859079234af02c08e740c30499dfd46547e867dd457f39b5799c17aec3088a7e6dbadfee27af1ca655fcd43a8723479102b0525b78aed0330777678754e219ab06b0e4e32494d9dcf8c89c18479b941b78ffd3e83fe05a5f2cdc7efc70dc647e290022f7b3c3c6a459dbbbecb0b95b77b2cfa63340e1285be724d399da22f4f62ecf0e3972a8036d9b71bace3ee457867e01029444714c6b6c64f7e2236d572edc8b90661dacd35a2ed7d5077caa0e75efa350f9b0fac985d6e8cfa4d15e305e5e0bf5040c1d24186edfea7060b262b0f4d4b5aa733da44cc85a784e0ebdf0f5ca1273b4df6c84ccbaa5b7aa607419a611d63056f51ab3d4be21dd27292f364811463542b969a71ac9404b0ba1bd492c21c30a572beb4c70c7224eb0bba4fb123280aa77379a279d911d9aa1261e49a074debcfc57c72411c2ceae47c6c37ee64ecae4b59c50b02992ef24847fec787127b4c5d357d7daef8c6d01121d6dca20dea7a80d4a5f2bfd5c22d7414142b619406f6a43e8d5ae64963a05b12020264f982f93c156a27651a9d5a65229953d9902114d6240434a2cd6031ea32fd8cbd82915366dad29c8e6b1d0e3bbdd1c103d1eb6c04f2e948ecb94f308cbd81f86bc97dbf506bfaf0a4a65a0599ac82351b135824675b3", 0x1000}, {&(0x7f0000000400)="e3afed53bd417049ae83a6e97aa210d10a886c810dbc259827ea651f0893f98e2e52a392e088b003ddc3c317ace0e1cf25645c03819da5b2a92543e9149a404d4faf43ce48fd79553a2c4ff3f7e69db939aa7a1a4ab6475b4e2c28317c5fcd28fb09fb59f3ec421421e5a941e1a97e0a21a54b837607bacf8321fc183046dbec9fbb38011b750cfd01a1d710c383dfc12f50719af1f1d312094684ee8c8415a59a73d09b49ccc023d4205e91f3057b04606a748cd468", 0xb6}, {&(0x7f00000004c0)}, {&(0x7f0000000500)="6f26d57ec9105dfa354241", 0xb}, {&(0x7f0000000680)="f472f7192043f5731b653ec3f344d8fcfe754d0788f5c230cc5398419b3a3e41ad7413f538e7a750dfb9843396388b3e0f35e8e70bf26e393a34bcbd1a7f8144bbb81eb63553289d7e2b3815c7ee4ab118eb5ac60e7c35026a8fef64ea0223b85083cbdcee286603591f3ceffea0a62ebd74117666b8b8f4092d62b2fb03be9f29500639b3af2d3a20a480abae6e2af0d7c3319c336614b2f888d83aab116ec1e0089d002c88cdb3b45ccd0d9353eb513b9f5c957d3d2bfecd75b2ad50cb15b864b682d860a42debc7dabf64a22dc00cf903fc10f4a6e47d002d3fed040692b3bdbc88b421a7c3", 0xe7}, {&(0x7f0000000780)="ba926c3402901db55917163ed20fb23a50524f01f3e59f275c204f676dee94dce7aeb369f910ba4c49d108adb0f68539d309e4d2eb810a48d57905e4179a720e954e5bdbaaa8859649c159cf22ac0100d9ab832e681eff66d85e39b4c7148b63cafa571d91cfa6fcfc68e30c564741ad0303edf004801ec51423adbf4d18bd47abffa209b8e4077f175aa8831b6ecf313fc3ab957c9b357c241cc0cc59128fd251b46431860414dd18bef0965f1a8edee5f0f45df1d1d95165416d3dee80330545fed2d3fcd4e0e99c978f5bdb704594e57e117017ae69e8803e64a3a187024f125860faf059a17950c325b05471ba10d839badc5a10", 0xf6}, {&(0x7f0000001940)="99ca2d515e984be387485232bbe5391c56dc1db0bf8e09e3fca78d19abd2fe5ed72238e41e9329420b22d223f0fed06d370cef23a6f0b051f3acb40ad0217ecf289338fd2291762aa71bed18706f97cdea1f9f58e735bcda56722ffc083a789bc5c5ba3a9639d5688bd58319f32a6e8daddd02c5250fc1a50b3fa20485419d161dacd87f72ad8071f748c6ed02f66ccd9c186fef1a6c5689463ae14a65581b7450414fd3fb275465d5fb37d48bd11d642f0e2f0593464b906c33e57541bd33934d111833dd46c7f3addf3f0e09bc331873bea33f5810226a2f00f68c4d57acc58ac0f55e348f8283e31e", 0xea}, {&(0x7f0000001a40)="237b5fe7f61d98abb565010e5c1e991aaaa8b2037252eb75163abb86a7e4cc32d4308c1dffdedf49e770858f98b71313c4823a49dfaad0641c5c17764f92df554b2e93dc144d37b19346d793d6378b87a681a8cedb3adbea80af14f3216cc104d41d8ec4cf77b5fe4fd1632fadaea1d52cf74cee91e2d56ddef04f478a74c019be9390b20498caecd18928b88dc869b91b868edc144bf15a01f66f587538b3bfd18a6f1eca5ccf04ab818955c93347f84bcce6d3812f0a622902a5e522e489cffca2dcce1f63fbd4fb01ffe8046456d3f1a97c9d", 0xd4}, {&(0x7f0000001b40)="90f61046e78ac5b41c3eba9c77596860758b4acae19de3bf2dcfd156c6330bbcfda0bc220c39b8db94cc6e066e0ddb642d66cf452e799b54d55147971fb34f30277d07", 0x43}, {&(0x7f0000000540)="e223aef8c266a29ad16d7953fb2bb0e399b5a6843a72fa5bed5f134e2d6f5862958cf4fc601acaa4ba1a15f801db28e76641483dcc6cf880b6d43900a69e378d", 0x40}], 0xa, &(0x7f0000001c80)=[@hopopts={{0x78, 0x29, 0x36, {0x51, 0xb, '\x00', [@generic={0x0, 0x32, "58ac81e06a860e494e290c41a26476c2ecf6d5a42092181d6bb2eae8b75d1614954a8bb0b9688989be9bcc38f1e10a52ea1b"}, @calipso={0x7, 0x10, {0x1, 0x2, 0xe, 0x1, [0x40]}}, @hao={0xc9, 0x10, @local}, @pad1]}}}, @dstopts_2292={{0x98, 0x29, 0x4, {0x3b, 0xf, '\x00', [@enc_lim={0x4, 0x1, 0xe}, @generic={0xe, 0x6c, "1d5780427e5759a0a8fb53529b1c858a8e4af6b954d7484fd8da0df5fc4113a88be6b6999c6d6f35232628542a035ded831e33af41be48bde0d68c81cca441664d2626f3b577a64fb8e277730d734d4bb524e1e18c1077baceafb34047a80aeff2a372d99cae309d9b457036"}, @pad1, @jumbo={0xc2, 0x4, 0x7}]}}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x1d, 0x2, 0x0, 0x5, 0x0, [@dev={0xfe, 0x80, '\x00', 0x27}]}}}], 0x138}}], 0x1, 0x804) setsockopt$MRT_DEL_VIF(r10, 0x0, 0xcb, &(0x7f00000000c0)={0x0, 0x4, 0x9, 0x27b, @vifc_lcl_ifindex=r9, @multicast1}, 0x10) recvmsg(r10, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x200116c0}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) kernel console output (not intermixed with test programs): 0288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 365.665651][ T46] usb 4-1: config 0 descriptor?? [ 366.016295][ T941] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 366.024703][ T5283] usb 5-1: USB disconnect, device number 32 [ 366.102989][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.121099][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.144412][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.177199][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.197058][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.219714][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.243704][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.269503][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.278069][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.303961][ T46] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 366.329527][ T46] microsoft 0003:045E:07DA.0012: No inputs registered, leaving [ 366.369717][ T46] microsoft 0003:045E:07DA.0012: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 366.391234][ T46] microsoft 0003:045E:07DA.0012: no inputs found [ 366.400700][ T46] microsoft 0003:045E:07DA.0012: could not initialize ff, continuing anyway [ 366.427798][ T46] usb 4-1: USB disconnect, device number 43 [ 366.567712][T10302] binder: BINDER_SET_CONTEXT_MGR already set [ 366.574499][T10302] binder: 10300:10302 ioctl 4018620d 20000040 returned -16 [ 366.778400][T10306] netlink: 'syz.4.909': attribute type 7 has an invalid length. [ 366.799430][ T46] usb 1-1: USB disconnect, device number 26 [ 366.805403][T10306] netlink: 'syz.4.909': attribute type 39 has an invalid length. [ 366.837460][ T46] usblp0: removed [ 366.879742][T10307] netlink: 'syz.4.909': attribute type 7 has an invalid length. [ 367.338691][ T46] usb 2-1: USB disconnect, device number 44 [ 367.797647][ T5283] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 367.925474][T10342] xt_l2tp: v2 sid > 0xffff: 16777216 [ 367.963793][T10342] netlink: 28 bytes leftover after parsing attributes in process `syz.0.920'. [ 368.039240][ T5283] usb 4-1: Using ep0 maxpacket: 16 [ 368.070742][ T5283] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 368.105281][ T5283] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 368.126199][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.142971][ T46] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 368.143619][ T5283] usb 4-1: Product: syz [ 368.155987][ T5283] usb 4-1: Manufacturer: syz [ 368.176080][ T5283] usb 4-1: SerialNumber: syz [ 368.197869][ T5283] usb 4-1: config 0 descriptor?? [ 368.210000][ T5283] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 368.221238][ T5283] em28xx 4-1:0.0: DVB interface 0 found: bulk [ 368.359170][ T46] usb 2-1: Using ep0 maxpacket: 16 [ 368.370903][ T46] usb 2-1: config 229 has an invalid descriptor of length 129, skipping remainder of the config [ 368.390703][ T46] usb 2-1: config 229 has 0 interfaces, different from the descriptor's value: 1 [ 368.415573][ T46] usb 2-1: New USB device found, idVendor=05ac, idProduct=0217, bcdDevice=2d.9c [ 368.429734][ T941] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 368.432124][ T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.446395][ T46] usb 2-1: Product: syz [ 368.459284][T10329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.478613][ T46] usb 2-1: Manufacturer: syz [ 368.496580][ T46] usb 2-1: SerialNumber: syz [ 368.511146][T10329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.597730][ T29] kauditd_printk_skb: 88 callbacks suppressed [ 368.597744][ T29] audit: type=1326 audit(1724979408.778:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa507379ef9 code=0x7ffc0000 [ 368.645222][ T29] audit: type=1326 audit(1724979408.818:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa507379ef9 code=0x7ffc0000 [ 368.659201][ T941] usb 5-1: Using ep0 maxpacket: 32 [ 368.684998][ T29] audit: type=1326 audit(1724979408.818:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa507378890 code=0x7ffc0000 [ 368.685048][ T29] audit: type=1326 audit(1724979408.818:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 368.685112][ T29] audit: type=1326 audit(1724979408.818:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 368.685157][ T29] audit: type=1326 audit(1724979408.828:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 368.685197][ T29] audit: type=1326 audit(1724979408.828:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 368.788102][ T941] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 368.801432][ C1] vkms_vblank_simulate: vblank timer overrun [ 368.930062][ T29] audit: type=1326 audit(1724979409.118:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 368.954559][ C1] vkms_vblank_simulate: vblank timer overrun [ 368.961445][ T941] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 368.992100][ T29] audit: type=1326 audit(1724979409.178:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 369.057209][ T941] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 369.057261][ T941] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.057274][ T941] usb 5-1: Product: syz [ 369.057283][ T941] usb 5-1: Manufacturer: syz [ 369.057291][ T941] usb 5-1: SerialNumber: syz [ 369.059200][ T5280] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 369.145295][ T29] audit: type=1326 audit(1724979409.328:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10345 comm="syz.2.922" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa507379afb code=0x7ffc0000 [ 369.167537][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.322702][ T5280] usb 3-1: Using ep0 maxpacket: 16 [ 369.335333][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 369.354332][ T941] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 33 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 369.399278][ T5280] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 369.456338][ T5283] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 369.482874][ T5280] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 369.509934][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.546416][ T5280] usb 3-1: config 0 descriptor?? [ 370.031862][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.075423][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.129448][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.151080][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.214774][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.265691][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.306989][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.356889][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.381526][T10351] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.923'. [ 370.392137][T10351] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 370.399460][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.415786][ T5280] microsoft 0003:045E:07DA.0013: unknown main item tag 0x0 [ 370.476039][ T5280] microsoft 0003:045E:07DA.0013: No inputs registered, leaving [ 370.500162][ T5280] microsoft 0003:045E:07DA.0013: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 370.515965][ T5280] microsoft 0003:045E:07DA.0013: no inputs found [ 370.527643][ T5280] microsoft 0003:045E:07DA.0013: could not initialize ff, continuing anyway [ 370.544098][ T5283] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 370.618764][ T5283] em28xx 4-1:0.0: board has no eeprom [ 370.636333][ T5280] usb 3-1: USB disconnect, device number 24 [ 370.769218][ T5283] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 370.780794][ T46] usb 2-1: USB disconnect, device number 45 [ 370.835344][ T5283] em28xx 4-1:0.0: dvb set to bulk mode. [ 370.903545][ T5241] em28xx 4-1:0.0: Binding DVB extension [ 370.940643][ T5283] usb 4-1: USB disconnect, device number 44 [ 370.982502][ T5283] em28xx 4-1:0.0: Disconnecting em28xx [ 371.149046][ T5241] em28xx 4-1:0.0: Registering input extension [ 371.174779][ T5283] em28xx 4-1:0.0: Closing input extension [ 371.214588][ T5283] em28xx 4-1:0.0: Freeing device [ 371.365158][T10374] FAULT_INJECTION: forcing a failure. [ 371.365158][T10374] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 371.406995][T10374] CPU: 0 UID: 0 PID: 10374 Comm: syz.1.928 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 371.417708][T10374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 371.427760][T10374] Call Trace: [ 371.431049][T10374] [ 371.434143][T10374] dump_stack_lvl+0x241/0x360 [ 371.438842][T10374] ? __pfx_dump_stack_lvl+0x10/0x10 [ 371.444035][T10374] ? __pfx__printk+0x10/0x10 [ 371.448610][T10374] ? __pfx_lock_release+0x10/0x10 [ 371.449672][ T5323] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 371.453622][T10374] should_fail_ex+0x3b0/0x4e0 [ 371.465850][T10374] _copy_from_user+0x2f/0xe0 [ 371.470454][T10374] do_fb_ioctl+0x2cb/0x7b0 [ 371.474860][T10374] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 371.480828][T10374] ? __pfx_do_fb_ioctl+0x10/0x10 [ 371.485771][T10374] ? __fget_files+0x29/0x470 [ 371.490375][T10374] ? bpf_lsm_file_ioctl+0x9/0x10 [ 371.495298][T10374] ? security_file_ioctl+0x87/0xb0 [ 371.500396][T10374] ? __pfx_fb_ioctl+0x10/0x10 [ 371.505063][T10374] __se_sys_ioctl+0xfc/0x170 [ 371.509639][T10374] do_syscall_64+0xf3/0x230 [ 371.514127][T10374] ? clear_bhb_loop+0x35/0x90 [ 371.518814][T10374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 371.524690][T10374] RIP: 0033:0x7fd876779ef9 [ 371.529096][T10374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 371.548799][T10374] RSP: 002b:00007fd8774ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 371.557206][T10374] RAX: ffffffffffffffda RBX: 00007fd876915f80 RCX: 00007fd876779ef9 [ 371.565167][T10374] RDX: 0000000020000100 RSI: 0000000000004601 RDI: 0000000000000004 [ 371.573127][T10374] RBP: 00007fd8774ce090 R08: 0000000000000000 R09: 0000000000000000 [ 371.581105][T10374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 371.589071][T10374] R13: 0000000000000000 R14: 00007fd876915f80 R15: 00007fd876a3fa28 [ 371.597068][T10374] [ 371.654222][ T5280] usb 5-1: USB disconnect, device number 33 [ 371.668696][ T5280] usblp0: removed [ 371.779165][ T5323] usb 3-1: Using ep0 maxpacket: 32 [ 371.794089][ T5323] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 371.807450][ T5323] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 371.818228][ T5323] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.828353][ T5323] usb 3-1: Product: syz [ 371.864290][ T5323] usb 3-1: Manufacturer: syz [ 371.872159][ T5323] usb 3-1: SerialNumber: syz [ 371.895853][ T5323] usb 3-1: config 0 descriptor?? [ 371.924764][ T5323] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 372.034451][ T58] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 372.126402][ T5323] usb 3-1: USB disconnect, device number 25 [ 372.200739][ T12] usb 3-1: Failed to submit usb control message: -71 [ 372.225992][ T12] usb 3-1: unable to send the bmi data to the device: -71 [ 372.240753][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.253979][ T12] usb 3-1: unable to get target info from device [ 372.266168][ T12] usb 3-1: could not get target info (-71) [ 372.289914][ T12] usb 3-1: could not probe fw (-71) [ 372.295217][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.314433][ T58] usb 2-1: New USB device found, idVendor=056a, idProduct=00bc, bcdDevice= 0.00 [ 372.346577][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.354786][ T5230] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 372.406245][ T58] usb 2-1: config 0 descriptor?? [ 372.565270][ T5230] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 372.578159][ T5230] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 372.603912][ T5230] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00e, bcdDevice= 0.00 [ 372.631398][ T5230] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.654703][ T5230] usb 1-1: config 0 descriptor?? [ 372.676958][ T5230] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 372.875297][ T58] usbhid 2-1:0.0: can't add hid device: -71 [ 372.910132][ T58] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 372.931813][ T58] usb 2-1: USB disconnect, device number 46 [ 372.948886][T10400] SET target dimension over the limit! [ 373.003151][ T5324] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 373.021173][T10401] raw_sendmsg: syz.2.935 forgot to set AF_INET. Fix it! [ 373.239272][ T5324] usb 5-1: Using ep0 maxpacket: 8 [ 373.254249][ T5324] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 373.284624][ T5324] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 373.302067][ T5324] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.320404][T10388] netlink: 144 bytes leftover after parsing attributes in process `syz.0.931'. [ 373.330654][ T5324] usb 5-1: Product: syz [ 373.336305][ T5324] usb 5-1: Manufacturer: syz [ 373.341515][ T5324] usb 5-1: SerialNumber: syz [ 373.358264][ T5324] usb 5-1: config 0 descriptor?? [ 373.367485][T10408] Cannot find add_set index 0 as target [ 373.375349][T10388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.387176][ T5324] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 373.404195][T10388] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.548704][ T5240] Bluetooth: hci0: unexpected event 0x05 length: 23 > 4 [ 374.027629][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.155896][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.328234][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.488217][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 374.630296][ T58] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 374.719936][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 374.730120][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 374.740847][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 374.758015][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 374.766892][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 374.776351][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 374.849852][ T58] usb 3-1: Using ep0 maxpacket: 32 [ 374.862156][ T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 374.874249][ T58] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 374.906233][ T5323] usb 1-1: USB disconnect, device number 27 [ 374.919662][ T58] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 374.932303][ T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.945514][ T5230] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 374.967053][ T58] usb 3-1: Product: syz [ 374.972337][ T12] bridge_slave_1: left allmulticast mode [ 374.973100][ T58] usb 3-1: Manufacturer: syz [ 374.987015][ T58] usb 3-1: SerialNumber: syz [ 374.994322][ T12] bridge_slave_1: left promiscuous mode [ 375.006423][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.043301][ T12] bridge_slave_0: left allmulticast mode [ 375.056065][ T12] bridge_slave_0: left promiscuous mode [ 375.063813][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 375.159680][ T5230] usb 2-1: Using ep0 maxpacket: 16 [ 375.161630][ T5230] usb 2-1: config 0 has no interfaces? [ 375.163143][ T5230] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 375.163172][ T5230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 375.163236][ T5230] usb 2-1: SerialNumber: syz [ 375.172817][ T5230] usb 2-1: config 0 descriptor?? [ 375.237742][ T58] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 26 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 375.415675][ T5324] gspca_zc3xx: reg_r err -32 [ 375.847097][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 375.863138][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 375.882381][ T12] bond0 (unregistering): Released all slaves [ 375.912912][T10422] vlan2: entered promiscuous mode [ 375.919555][T10422] batadv0: entered promiscuous mode [ 375.979833][T10422] team0: Port device vlan2 added [ 376.057748][ T5323] usb 2-1: USB disconnect, device number 47 [ 376.063790][ T5324] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 376.094520][ T5324] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -32 [ 376.133626][ T12] tipc: Disabling bearer [ 376.152786][ T12] tipc: Left network mode [ 376.463037][ T5323] usb 5-1: USB disconnect, device number 34 [ 376.869550][ T5240] Bluetooth: hci1: command tx timeout [ 376.930758][ T12] hsr_slave_0: left promiscuous mode [ 376.936677][ T12] hsr_slave_1: left promiscuous mode [ 376.985389][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 377.000337][ T5323] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 377.014943][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 377.037497][T10460] netlink: 8 bytes leftover after parsing attributes in process `syz.0.951'. [ 377.050410][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 377.066874][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 377.140664][ T12] veth1_macvtap: left promiscuous mode [ 377.149240][ T5283] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 377.157631][ T12] veth0_macvtap: left promiscuous mode [ 377.178942][ T12] veth1_vlan: left promiscuous mode [ 377.205881][ T12] veth0_vlan: left promiscuous mode [ 377.234745][ T5323] usb 5-1: New USB device found, idVendor=0bc3, idProduct=0001, bcdDevice=68.24 [ 377.272221][ T5323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.336151][ T5323] usb 5-1: Product: syz [ 377.353896][ T5323] usb 5-1: Manufacturer: syz [ 377.355708][ T5283] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 377.378724][ T58] usb 3-1: USB disconnect, device number 26 [ 377.383333][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 377.406765][ T5283] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 377.436421][ T5283] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 377.470192][ T5323] usb 5-1: SerialNumber: syz [ 377.470298][ T5283] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 377.521672][ T58] usblp0: removed [ 377.530069][ T5323] usb 5-1: config 0 descriptor?? [ 377.547652][ T5283] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.568887][ T5323] ipw 5-1:0.0: IPWireless converter converter detected [ 377.618354][ T5283] usb 2-1: config 0 descriptor?? [ 377.824560][T10448] validate_nla: 1 callbacks suppressed [ 377.824584][T10448] netlink: 'syz.4.949': attribute type 1 has an invalid length. [ 377.837877][T10448] netlink: 168864 bytes leftover after parsing attributes in process `syz.4.949'. [ 378.872327][ T1273] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.885622][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.893588][ T12] team0 (unregistering): Port device team_slave_1 removed [ 378.965753][ T5240] Bluetooth: hci1: command tx timeout [ 379.033327][ T12] team0 (unregistering): Port device team_slave_0 removed [ 379.146656][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 379.385331][T10475] input: syz0 as /devices/virtual/input/input43 [ 380.119690][T10456] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 380.216424][T10424] chnl_net:caif_netlink_parms(): no params data found [ 380.229876][ T58] usb 5-1: USB disconnect, device number 35 [ 380.243366][ T58] ipw 5-1:0.0: device disconnected [ 380.455289][T10482] netlink: 'syz.4.955': attribute type 10 has an invalid length. [ 380.495401][ T5283] usbhid 2-1:0.0: can't add hid device: -71 [ 380.509456][ T5283] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 380.529030][T10482] bond0: (slave netdevsim0): Releasing backup interface [ 380.548538][ T5323] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 380.554919][ T5283] usb 2-1: USB disconnect, device number 48 [ 380.613206][T10482] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 380.630143][T10482] team0: Failed to send options change via netlink (err -105) [ 380.656849][T10482] team0: Port device netdevsim0 added [ 380.745799][T10484] netlink: 'syz.4.955': attribute type 10 has an invalid length. [ 380.760052][ T5323] usb 1-1: Using ep0 maxpacket: 32 [ 380.771502][T10484] team0: Failed to send options change via netlink (err -105) [ 380.812537][ T5323] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 380.839185][ T5323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 380.842994][T10484] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 380.851862][ T5323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 380.873096][ T5323] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 380.882780][ T5323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.921987][ T5323] usb 1-1: config 0 descriptor?? [ 380.923450][T10484] team0: Port device netdevsim0 removed [ 380.940453][T10480] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 380.954370][ T5323] hub 1-1:0.0: USB hub found [ 380.983685][T10484] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 381.039521][ T5240] Bluetooth: hci1: command tx timeout [ 381.170782][ T5323] hub 1-1:0.0: 2 ports detected [ 381.215311][T10499] i2c i2c-0: Invalid block write size 65 [ 381.262615][T10424] bridge0: port 1(bridge_slave_0) entered blocking state [ 381.287942][T10424] bridge0: port 1(bridge_slave_0) entered disabled state [ 381.314926][T10424] bridge_slave_0: entered allmulticast mode [ 381.345408][T10424] bridge_slave_0: entered promiscuous mode [ 381.395783][T10424] bridge0: port 2(bridge_slave_1) entered blocking state [ 381.477629][T10424] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.501829][T10424] bridge_slave_1: entered allmulticast mode [ 381.520204][T10424] bridge_slave_1: entered promiscuous mode [ 381.681935][T10424] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 381.722966][T10424] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 381.826111][T10515] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 381.856843][T10424] team0: Port device team_slave_0 added [ 381.866444][T10424] team0: Port device team_slave_1 added [ 381.926126][T10424] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.936314][T10424] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.972507][T10424] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 382.014655][T10424] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 382.028245][T10424] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 382.054504][ T58] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 382.067238][T10424] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 382.082909][T10520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.962'. [ 382.096314][ T46] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 382.247435][T10424] hsr_slave_0: entered promiscuous mode [ 382.282033][ T58] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 26 [ 382.309116][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 382.327708][ T46] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 382.348607][ T58] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 382.362859][T10424] hsr_slave_1: entered promiscuous mode [ 382.380992][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 382.389186][ T46] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 382.402841][ T58] usb 2-1: SerialNumber: syz [ 382.421877][ T46] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 382.433920][T10424] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 382.484422][T10424] Cannot create hsr debugfs directory [ 382.490111][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.498220][ T46] usb 3-1: Product: syz [ 382.556552][ T46] usb 3-1: Manufacturer: syz [ 382.563528][ T46] usb 3-1: SerialNumber: syz [ 382.711278][ T5324] usb 1-1: reset high-speed USB device number 28 using dummy_hcd [ 382.792265][ T46] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 27 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 382.899437][ T5324] usb 1-1: device descriptor read/64, error -32 [ 383.109258][ T5240] Bluetooth: hci1: command tx timeout [ 383.136827][ T58] cdc_ether 2-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 383.422556][T10544] netlink: 'syz.1.959': attribute type 10 has an invalid length. [ 383.479014][T10544] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.487999][T10544] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.571115][T10544] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.578544][T10544] bridge0: port 2(bridge_slave_1) entered forwarding state [ 383.587119][T10544] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.594280][T10544] bridge0: port 1(bridge_slave_0) entered forwarding state [ 383.641736][T10544] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 383.658408][ T29] kauditd_printk_skb: 40 callbacks suppressed [ 383.658422][ T29] audit: type=1326 audit(1724979423.838:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10545 comm="syz.4.963" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f57d9379ef9 code=0x0 [ 383.832669][T10549] netlink: 'syz.0.964': attribute type 7 has an invalid length. [ 383.851649][T10549] netlink: 'syz.0.964': attribute type 39 has an invalid length. [ 383.864345][ T5324] hub 1-1:0.0: set hub depth failed [ 383.869970][ T5230] usb 1-1: USB disconnect, device number 28 [ 384.394339][T10424] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 384.438295][T10424] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 384.498172][T10424] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 384.598125][T10424] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 384.931115][ T46] usb 2-1: USB disconnect, device number 49 [ 385.049693][ T5324] usb 3-1: USB disconnect, device number 27 [ 385.066279][ T46] cdc_ether 2-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.1-1, CDC Ethernet Device [ 385.116168][ T5324] usblp0: removed [ 385.230100][T10424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 385.389513][T10424] 8021q: adding VLAN 0 to HW filter on device team0 [ 385.478298][ T2540] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.485447][ T2540] bridge0: port 1(bridge_slave_0) entered forwarding state [ 385.509809][T10580] netlink: 'syz.4.969': attribute type 4 has an invalid length. [ 385.640842][ T2540] bridge0: port 2(bridge_slave_1) entered blocking state [ 385.648021][ T2540] bridge0: port 2(bridge_slave_1) entered forwarding state [ 385.716811][T10580] netlink: 'syz.4.969': attribute type 4 has an invalid length. [ 385.856970][T10424] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 386.109259][T10559] netlink: 4096 bytes leftover after parsing attributes in process `syz.0.965'. [ 386.122444][T10424] veth0_vlan: entered promiscuous mode [ 386.131858][T10559] openvswitch: netlink: ct_state flags 00000300 unsupported [ 386.164653][T10424] veth1_vlan: entered promiscuous mode [ 386.277509][T10424] veth0_macvtap: entered promiscuous mode [ 386.320740][T10424] veth1_macvtap: entered promiscuous mode [ 386.381487][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.492368][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.521078][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.541724][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 386.552201][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.562553][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.578322][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.590519][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.601808][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.612328][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 386.623399][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.726748][T10424] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 386.748450][T10603] netlink: 40 bytes leftover after parsing attributes in process `syz.2.971'. [ 386.767880][T10604] input: syz0 as /devices/virtual/input/input44 [ 386.821613][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.876343][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 386.911881][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 386.986755][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.017170][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 387.042831][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.069305][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 387.094392][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.144752][T10424] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 387.177622][T10424] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 387.222249][T10424] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 387.288246][T10424] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.333108][T10424] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.393510][T10424] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.412230][T10424] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 387.466683][T10616] netlink: 'syz.0.974': attribute type 7 has an invalid length. [ 387.481137][T10616] netlink: 'syz.0.974': attribute type 39 has an invalid length. [ 387.582706][T10622] netlink: 'syz.4.976': attribute type 7 has an invalid length. [ 387.604074][T10622] netlink: 'syz.4.976': attribute type 39 has an invalid length. [ 387.759571][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.807387][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 387.864103][T10622] netlink: 'syz.4.976': attribute type 7 has an invalid length. [ 387.946555][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 387.985806][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 388.199990][ T58] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 388.361054][T10643] netlink: 28 bytes leftover after parsing attributes in process `syz.4.979'. [ 388.405697][ T58] usb 3-1: Using ep0 maxpacket: 32 [ 388.429486][ T58] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 388.485873][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 388.523996][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 388.565367][ T58] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 388.607171][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.618337][T10654] netlink: 12 bytes leftover after parsing attributes in process `syz.1.982'. [ 388.675595][ T58] usb 3-1: config 0 descriptor?? [ 388.691892][T10633] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 388.702134][ T58] hub 3-1:0.0: USB hub found [ 388.729228][ T29] audit: type=1326 audit(1724979428.908:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20a7d79ef9 code=0x7ffc0000 [ 388.823440][ T29] audit: type=1326 audit(1724979428.908:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f20a7d79ef9 code=0x7ffc0000 [ 388.873728][ T8] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 388.896628][ T29] audit: type=1326 audit(1724979428.938:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f20a7d78890 code=0x7ffc0000 [ 388.925404][ T29] audit: type=1326 audit(1724979428.938:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 388.926185][ T58] hub 3-1:0.0: 2 ports detected [ 388.948487][ T29] audit: type=1326 audit(1724979428.938:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 389.002624][ T29] audit: type=1326 audit(1724979428.938:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 389.026444][ T29] audit: type=1326 audit(1724979428.938:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 389.029338][ T46] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 389.057105][ T29] audit: type=1326 audit(1724979429.058:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 389.086483][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 389.113413][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 389.129200][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.144886][ T8] usb 1-1: Product: syz [ 389.152832][ T8] usb 1-1: Manufacturer: syz [ 389.158164][ T8] usb 1-1: SerialNumber: syz [ 389.163245][ T5241] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 389.169850][ T29] audit: type=1326 audit(1724979429.138:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 389.196573][ T29] audit: type=1326 audit(1724979429.248:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10656 comm="syz.3.983" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f20a7d79afb code=0x7ffc0000 [ 389.257831][ T8] usb 1-1: config 0 descriptor?? [ 389.270144][ T46] usb 4-1: Using ep0 maxpacket: 16 [ 389.284454][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.313270][ T46] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 389.330473][ T46] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 389.348461][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.359219][ T5241] usb 2-1: Using ep0 maxpacket: 16 [ 389.370115][ T46] usb 4-1: config 0 descriptor?? [ 389.392887][ T5241] usb 2-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice= 6.8a [ 389.403793][ T5241] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.418347][ T5241] usb 2-1: Product: syz [ 389.423397][ T5241] usb 2-1: Manufacturer: syz [ 389.428053][ T5241] usb 2-1: SerialNumber: syz [ 389.478489][ T5241] usb 2-1: config 0 descriptor?? [ 389.503969][ T8] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 389.521326][ T5241] mcba_usb 2-1:0.0: Can't find endpoints [ 389.606123][T10678] validate_nla: 1 callbacks suppressed [ 389.606144][T10678] netlink: 'syz.4.986': attribute type 7 has an invalid length. [ 389.627495][T10678] netlink: 'syz.4.986': attribute type 39 has an invalid length. [ 389.727014][ T5241] usb 2-1: USB disconnect, device number 50 [ 389.800678][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.818045][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.826402][T10685] openvswitch: netlink: Message has 8 unknown bytes. [ 389.834659][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.847236][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.857342][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.873146][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.881234][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.888505][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.906401][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.922922][ T46] microsoft 0003:045E:07DA.0014: unknown main item tag 0x0 [ 389.938252][ T46] microsoft 0003:045E:07DA.0014: No inputs registered, leaving [ 389.969985][ T46] microsoft 0003:045E:07DA.0014: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 390.010229][ T46] microsoft 0003:045E:07DA.0014: no inputs found [ 390.022929][ T46] microsoft 0003:045E:07DA.0014: could not initialize ff, continuing anyway [ 390.054112][ T46] usb 4-1: USB disconnect, device number 45 [ 390.398134][T10707] netlink: 'syz.4.990': attribute type 7 has an invalid length. [ 390.407099][T10707] netlink: 'syz.4.990': attribute type 39 has an invalid length. [ 390.513762][T10709] bridge4: port 1(gretap1) entered blocking state [ 390.569320][T10709] bridge4: port 1(gretap1) entered disabled state [ 390.593251][T10709] gretap1: entered allmulticast mode [ 390.620353][T10709] gretap1: entered promiscuous mode [ 390.736216][T10716] IPv6: addrconf: prefix option has invalid lifetime [ 390.995234][T10655] netlink: 5300 bytes leftover after parsing attributes in process `syz.0.981'. [ 391.000518][ T5284] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 391.011501][ T5323] usb 3-1: USB disconnect, device number 28 [ 391.038116][T10655] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 391.326596][T10655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.349766][T10655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.567882][T10735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.995'. [ 391.612070][ T8] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 391.670224][ T8] usb 1-1: USB disconnect, device number 29 [ 391.933593][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 392.037558][T10751] netlink: 'syz.3.997': attribute type 7 has an invalid length. [ 392.081108][T10751] netlink: 'syz.3.997': attribute type 39 has an invalid length. [ 392.170470][ T5323] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 392.187253][T10754] input: syz0 as /devices/virtual/input/input47 [ 392.389826][ T5323] usb 3-1: Using ep0 maxpacket: 32 [ 392.412498][ T5323] usb 3-1: config index 0 descriptor too short (expected 26, got 21) [ 392.450398][ T5323] usb 3-1: config 0 has an invalid descriptor of length 203, skipping remainder of the config [ 392.557328][ T5323] usb 3-1: New USB device found, idVendor=04e2, idProduct=1403, bcdDevice=1c.b2 [ 392.583201][T10765] FAULT_INJECTION: forcing a failure. [ 392.583201][T10765] name failslab, interval 1, probability 0, space 0, times 0 [ 392.585905][ T5323] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.615263][ T5323] usb 3-1: Product: syz [ 392.622122][T10765] CPU: 1 UID: 0 PID: 10765 Comm: syz.3.998 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 392.632827][T10765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 392.642887][T10765] Call Trace: [ 392.646153][T10765] [ 392.649073][T10765] dump_stack_lvl+0x241/0x360 [ 392.653762][T10765] ? __pfx_dump_stack_lvl+0x10/0x10 [ 392.658944][T10765] ? __pfx__printk+0x10/0x10 [ 392.663524][T10765] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 392.669068][T10765] ? __pfx___might_resched+0x10/0x10 [ 392.674362][T10765] should_fail_ex+0x3b0/0x4e0 [ 392.679055][T10765] ? fuse_get_req+0x3e7/0xad0 [ 392.683818][T10765] should_failslab+0xac/0x100 [ 392.688482][T10765] ? fuse_get_req+0x3e7/0xad0 [ 392.693146][T10765] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 392.698507][T10765] fuse_get_req+0x3e7/0xad0 [ 392.703087][T10765] ? __pfx_fuse_get_req+0x10/0x10 [ 392.708100][T10765] fuse_simple_request+0x140/0x1b90 [ 392.713290][T10765] ? process_measurement+0x793/0x1fb0 [ 392.718647][T10765] ? __pfx_fuse_simple_request+0x10/0x10 [ 392.724271][T10765] ? __pfx_validate_chain+0x10/0x10 [ 392.729452][T10765] ? up_write+0x1a9/0x590 [ 392.733772][T10765] ? __pfx_validate_chain+0x10/0x10 [ 392.738948][T10765] ? ima_get_action+0x75/0xb0 [ 392.743628][T10765] fuse_do_getattr+0x39a/0x7f0 [ 392.748390][T10765] ? __pfx_fuse_do_getattr+0x10/0x10 [ 392.753697][T10765] ? __pfx_validate_chain+0x10/0x10 [ 392.758973][T10765] ? __lock_acquire+0x137a/0x2040 [ 392.764009][T10765] fuse_update_get_attr+0xa01/0x1870 [ 392.769307][T10765] ? mark_lock+0x9a/0x350 [ 392.773650][T10765] ? __pfx_fuse_update_get_attr+0x10/0x10 [ 392.779376][T10765] ? __pfx_lock_acquire+0x10/0x10 [ 392.784399][T10765] ? aa_file_perm+0x137/0xf60 [ 392.789068][T10765] ? register_lock_class+0x102/0x980 [ 392.794362][T10765] ? __pfx_lock_release+0x10/0x10 [ 392.799418][T10765] ? aa_file_perm+0x137/0xf60 [ 392.804131][T10765] ? aa_file_perm+0x3ef/0xf60 [ 392.808808][T10765] ? __lock_acquire+0x137a/0x2040 [ 392.813828][T10765] ? __pfx_aa_file_perm+0x10/0x10 [ 392.818845][T10765] fuse_file_read_iter+0x3df/0x600 [ 392.823945][T10765] ? __pfx_fuse_file_read_iter+0x10/0x10 [ 392.829572][T10765] ? __mutex_trylock_common+0x183/0x2e0 [ 392.835124][T10765] ? end_current_label_crit_section+0x151/0x180 [ 392.841362][T10765] vfs_read+0x9bd/0xbc0 [ 392.845511][T10765] ? __pfx_lock_release+0x10/0x10 [ 392.850528][T10765] ? __pfx_vfs_read+0x10/0x10 [ 392.855225][T10765] ksys_read+0x1a0/0x2c0 [ 392.859459][T10765] ? __pfx_ksys_read+0x10/0x10 [ 392.864202][T10765] ? do_syscall_64+0x100/0x230 [ 392.868950][T10765] ? do_syscall_64+0xb6/0x230 [ 392.873617][T10765] do_syscall_64+0xf3/0x230 [ 392.878106][T10765] ? clear_bhb_loop+0x35/0x90 [ 392.882775][T10765] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.888656][T10765] RIP: 0033:0x7f20a7d79ef9 [ 392.893058][T10765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 392.912674][T10765] RSP: 002b:00007f20a8b86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 392.921079][T10765] RAX: ffffffffffffffda RBX: 00007f20a7f16058 RCX: 00007f20a7d79ef9 [ 392.929043][T10765] RDX: 000000007ffff000 RSI: 0000000020012400 RDI: 0000000000000005 [ 392.937012][T10765] RBP: 00007f20a8b86090 R08: 0000000000000000 R09: 0000000000000000 [ 392.944967][T10765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 392.952941][T10765] R13: 0000000000000000 R14: 00007f20a7f16058 R15: 00007f20a803fa28 [ 392.960929][T10765] [ 392.970945][ T5323] usb 3-1: Manufacturer: syz [ 392.978002][ T5323] usb 3-1: SerialNumber: syz [ 393.010967][ T5323] usb 3-1: config 0 descriptor?? [ 393.234283][ T5230] usb 3-1: USB disconnect, device number 29 [ 393.465240][T10783] syz_tun: refused to change device tx_queue_len [ 393.762912][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 393.903429][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.033366][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.294861][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 394.560467][T10799] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1009'. [ 394.709153][T10801] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1011'. [ 394.793119][ T12] bridge_slave_1: left allmulticast mode [ 394.798816][ T12] bridge_slave_1: left promiscuous mode [ 394.868690][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 394.946043][ T12] bridge_slave_0: left allmulticast mode [ 394.978630][ T12] bridge_slave_0: left promiscuous mode [ 394.994153][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 395.007758][T10817] input: syz0 as /devices/virtual/input/input48 [ 395.029460][T10817] input: failed to attach handler leds to device input48, error: -6 [ 395.121241][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 395.132283][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 395.149504][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 395.159609][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 395.185267][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 395.195309][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 395.238194][T10822] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.1014'. [ 395.287210][T10822] openvswitch: netlink: VXLAN extension message has 3 unknown bytes. [ 395.811610][ T5230] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 395.848628][T10835] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 396.026611][T10836] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 396.041230][ T5230] usb 2-1: Using ep0 maxpacket: 32 [ 396.072111][ T5230] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 396.083739][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 396.092461][ T5230] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 396.105572][ T5230] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 396.117195][ T5230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.128822][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 396.139675][ T5230] usb 2-1: Product: syz [ 396.144531][ T5230] usb 2-1: Manufacturer: syz [ 396.154450][ T12] bond0 (unregistering): Released all slaves [ 396.164492][ T5230] usb 2-1: SerialNumber: syz [ 396.186767][T10817] netlink: 'syz.0.1013': attribute type 10 has an invalid length. [ 396.216277][T10817] team0: Cannot enslave team device to itself [ 396.296569][T10831] netlink: 'syz.2.1017': attribute type 10 has an invalid length. [ 396.372204][T10831] team0: Failed to send options change via netlink (err -105) [ 396.386554][ T5230] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 51 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 396.409824][T10831] team0: Port device netdevsim0 added [ 396.431479][T10834] netlink: 'syz.2.1017': attribute type 10 has an invalid length. [ 396.498434][T10834] team0: Failed to send options change via netlink (err -105) [ 396.525788][T10834] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 396.565460][T10834] team0: Port device netdevsim0 removed [ 396.593243][T10834] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 397.269529][ T54] Bluetooth: hci1: command tx timeout [ 397.286616][ T12] hsr_slave_0: left promiscuous mode [ 397.324054][ T12] hsr_slave_1: left promiscuous mode [ 397.381460][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 397.449019][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 397.483385][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 397.506261][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 397.648557][ T12] veth1_macvtap: left promiscuous mode [ 397.654681][ T12] veth0_macvtap: left promiscuous mode [ 397.671863][ T12] veth1_vlan: left promiscuous mode [ 397.677677][ T12] veth0_vlan: left promiscuous mode [ 397.989127][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 398.457546][ T5323] usb 2-1: USB disconnect, device number 51 [ 398.492193][ T5323] usblp0: removed [ 398.739248][ T29] kauditd_printk_skb: 37 callbacks suppressed [ 398.739264][ T29] audit: type=1326 audit(1724979438.928:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf0f79ef9 code=0x7ffc0000 [ 398.796683][ T29] audit: type=1326 audit(1724979438.958:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fadf0f78890 code=0x7ffc0000 [ 398.828135][ T29] audit: type=1326 audit(1724979438.958:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 398.866410][ T29] audit: type=1326 audit(1724979438.958:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 398.896334][ T29] audit: type=1326 audit(1724979438.968:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 398.940662][ T29] audit: type=1326 audit(1724979438.968:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 398.970663][ T29] audit: type=1326 audit(1724979439.108:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 399.012245][ T5323] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 399.020862][ T29] audit: type=1326 audit(1724979439.188:689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 399.071231][ T46] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 399.081162][ T29] audit: type=1326 audit(1724979439.268:690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 399.148110][T10883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1026'. [ 399.164952][ T29] audit: type=1326 audit(1724979439.268:691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10877 comm="syz.0.1024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 399.219412][ T5323] usb 2-1: Using ep0 maxpacket: 16 [ 399.229485][ T5323] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.242595][ T5323] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 399.268575][ T5323] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 399.281807][ T46] usb 1-1: Using ep0 maxpacket: 16 [ 399.309422][ T46] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.329380][ T5323] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 399.348461][ T46] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 399.363133][ T54] Bluetooth: hci1: command tx timeout [ 399.370805][ T5323] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.392231][ T46] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 399.410549][ T5323] usb 2-1: config 0 descriptor?? [ 399.430678][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.455095][ T46] usb 1-1: config 0 descriptor?? [ 399.697177][ T12] team0 (unregistering): Port device team_slave_1 removed [ 399.792348][ T12] team0 (unregistering): Port device team_slave_0 removed [ 399.874091][ T5323] HID 045e:07da: Invalid code 65791 type 1 [ 399.945222][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 399.990219][ T5323] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0015/input/input49 [ 400.004850][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.028099][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.036314][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.044683][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.052765][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.079512][ T5323] microsoft 0003:045E:07DA.0015: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 400.107256][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.127835][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.139555][ T5323] usb 2-1: USB disconnect, device number 52 [ 400.154549][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.163714][ T46] microsoft 0003:045E:07DA.0016: unknown main item tag 0x0 [ 400.177668][ T46] microsoft 0003:045E:07DA.0016: No inputs registered, leaving [ 400.266601][ T46] microsoft 0003:045E:07DA.0016: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 400.309429][ T46] microsoft 0003:045E:07DA.0016: no inputs found [ 400.322644][ T46] microsoft 0003:045E:07DA.0016: could not initialize ff, continuing anyway [ 400.389480][ T46] usb 1-1: USB disconnect, device number 30 [ 400.518021][T10895] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1027'. [ 401.106234][T10913] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1031'. [ 401.440119][ T54] Bluetooth: hci1: command tx timeout [ 401.490033][T10918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1032'. [ 401.854563][T10823] chnl_net:caif_netlink_parms(): no params data found [ 402.015863][T10944] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1037'. [ 402.433870][T10823] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.479642][ T5323] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 402.492726][T10823] bridge0: port 1(bridge_slave_0) entered disabled state [ 402.536462][T10823] bridge_slave_0: entered allmulticast mode [ 402.612705][T10823] bridge_slave_0: entered promiscuous mode [ 402.661682][T10823] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.726750][ T5323] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 255, changing to 11 [ 402.732490][T10823] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.784508][T10823] bridge_slave_1: entered allmulticast mode [ 402.785523][T10823] bridge_slave_1: entered promiscuous mode [ 402.818752][ T5323] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 59391, setting to 1024 [ 402.818799][ T5323] usb 5-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 402.818813][ T5323] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.830338][ T5323] usb 5-1: config 0 descriptor?? [ 402.831402][T10942] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 402.834613][ T5323] gspca_main: spca561-2.14.0 probing abcd:cdee [ 403.012538][T10823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.015409][T10823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 403.347023][ T5323] spca561 5-1:0.0: probe with driver spca561 failed with error -22 [ 403.348165][ T5323] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 403.348216][ T5323] usb 5-1: MIDIStreaming interface descriptor not found [ 403.385919][T10823] team0: Port device team_slave_0 added [ 403.486643][T10823] team0: Port device team_slave_1 added [ 403.509441][ T54] Bluetooth: hci1: command tx timeout [ 403.655596][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 404.020511][T10823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 404.074259][T10823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 404.222714][T10823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 404.240461][T10823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 404.285483][T10823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 404.379234][T10823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.395616][T10942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.441463][T10942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.553594][T10991] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1044'. [ 404.642244][T10823] hsr_slave_0: entered promiscuous mode [ 404.661984][T10823] hsr_slave_1: entered promiscuous mode [ 404.677531][T10823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 404.690172][T10823] Cannot create hsr debugfs directory [ 405.380796][T11001] x_tables: eb_tables: quota.0 match: invalid size 24 (kernel) != (user) 0 [ 405.679949][ T5230] usb 5-1: USB disconnect, device number 36 [ 405.909978][ T5283] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 406.132197][ T5283] usb 3-1: device descriptor read/64, error -71 [ 406.259204][ T5230] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 406.449195][ T5230] usb 1-1: Using ep0 maxpacket: 32 [ 406.469753][ T5283] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 406.471016][ T5230] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 406.528044][ T5230] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 406.549301][ T54] Bluetooth: hci2: command 0x0406 tx timeout [ 406.571877][ T5230] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 406.588756][ T5230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.597468][ T5230] usb 1-1: Product: syz [ 406.604179][ T5230] usb 1-1: Manufacturer: syz [ 406.609546][ T5230] usb 1-1: SerialNumber: syz [ 406.637034][T10823] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 406.663313][T10823] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 406.670284][ T5283] usb 3-1: device descriptor read/64, error -71 [ 406.686920][T10823] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 406.705893][T10823] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 406.789639][ T5283] usb usb3-port1: attempt power cycle [ 406.855368][ T5230] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 31 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 406.909716][ T5323] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 406.943711][T10823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 406.996843][T10823] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.017668][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.024896][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.048339][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.055600][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.129259][ T5323] usb 2-1: Using ep0 maxpacket: 8 [ 407.142704][ T5323] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 407.176374][ T5323] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 407.187139][ T5323] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.222246][ T29] kauditd_printk_skb: 39 callbacks suppressed [ 407.222264][ T29] audit: type=1800 audit(1724979447.398:731): pid=11047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1054" name="/" dev="fuse" ino=1 res=0 errno=0 [ 407.249598][ T5283] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 407.258541][ T5323] usb 2-1: config 0 descriptor?? [ 407.296829][ T5323] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 407.303803][T11042] FAULT_INJECTION: forcing a failure. [ 407.303803][T11042] name failslab, interval 1, probability 0, space 0, times 0 [ 407.312195][ T5283] usb 3-1: device descriptor read/8, error -71 [ 407.335076][T11042] CPU: 1 UID: 0 PID: 11042 Comm: syz.4.1054 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 407.345874][T11042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 407.356033][T11042] Call Trace: [ 407.359303][T11042] [ 407.362219][T11042] dump_stack_lvl+0x241/0x360 [ 407.366909][T11042] ? __pfx_dump_stack_lvl+0x10/0x10 [ 407.372112][T11042] ? __pfx__printk+0x10/0x10 [ 407.376721][T11042] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 407.382181][T11042] ? __pfx___might_resched+0x10/0x10 [ 407.387459][T11042] ? lockdep_init_map_type+0xa1/0x910 [ 407.392837][T11042] should_fail_ex+0x3b0/0x4e0 [ 407.397512][T11042] should_failslab+0xac/0x100 [ 407.402178][T11042] ? fuse_direct_IO+0x2cc/0x13a0 [ 407.407109][T11042] __kmalloc_cache_noprof+0x6c/0x2c0 [ 407.412405][T11042] ? __init_swait_queue_head+0xae/0x150 [ 407.417978][T11042] fuse_direct_IO+0x2cc/0x13a0 [ 407.422747][T11042] ? filemap_check_errors+0xe1/0x140 [ 407.428132][T11042] ? kiocb_write_and_wait+0x318/0x400 [ 407.433505][T11042] ? __pfx_kiocb_write_and_wait+0x10/0x10 [ 407.439250][T11042] ? __pfx_fuse_direct_IO+0x10/0x10 [ 407.444452][T11042] ? register_lock_class+0x102/0x980 [ 407.449731][T11042] ? __pfx_lock_release+0x10/0x10 [ 407.454759][T11042] ? atime_needs_update+0x202/0x6c0 [ 407.459954][T11042] ? aa_file_perm+0x3ef/0xf60 [ 407.464620][T11042] ? touch_atime+0xf8/0x690 [ 407.469121][T11042] generic_file_read_iter+0x231/0x430 [ 407.474488][T11042] fuse_file_read_iter+0x4e2/0x600 [ 407.479591][T11042] ? __pfx_fuse_file_read_iter+0x10/0x10 [ 407.485209][T11042] ? __mutex_trylock_common+0x183/0x2e0 [ 407.490738][T11042] ? end_current_label_crit_section+0x151/0x180 [ 407.496981][T11042] vfs_read+0x9bd/0xbc0 [ 407.501123][T11042] ? __pfx_lock_release+0x10/0x10 [ 407.506147][T11042] ? __pfx_vfs_read+0x10/0x10 [ 407.511024][T11042] ksys_read+0x1a0/0x2c0 [ 407.515284][T11042] ? __pfx_ksys_read+0x10/0x10 [ 407.520065][T11042] ? do_syscall_64+0x100/0x230 [ 407.524832][T11042] ? do_syscall_64+0xb6/0x230 [ 407.529504][T11042] do_syscall_64+0xf3/0x230 [ 407.533995][T11042] ? clear_bhb_loop+0x35/0x90 [ 407.538665][T11042] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 407.544547][T11042] RIP: 0033:0x7f57d9379ef9 [ 407.548952][T11042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 407.568583][T11042] RSP: 002b:00007f57da1e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 407.576991][T11042] RAX: ffffffffffffffda RBX: 00007f57d9516058 RCX: 00007f57d9379ef9 [ 407.584955][T11042] RDX: 000000007ffff000 RSI: 0000000020012400 RDI: 0000000000000005 [ 407.592920][T11042] RBP: 00007f57da1e6090 R08: 0000000000000000 R09: 0000000000000000 [ 407.600914][T11042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 407.609054][T11042] R13: 0000000000000000 R14: 00007f57d9516058 R15: 00007f57d963fa28 [ 407.617054][T11042] [ 407.712395][T10823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 407.877373][T10823] veth0_vlan: entered promiscuous mode [ 407.899419][ T5283] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 407.916894][T10823] veth1_vlan: entered promiscuous mode [ 407.935063][T11056] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1052'. [ 407.970660][ T5283] usb 3-1: device descriptor read/8, error -71 [ 408.004681][T10823] veth0_macvtap: entered promiscuous mode [ 408.024970][T10823] veth1_macvtap: entered promiscuous mode [ 408.088476][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.109527][ T5283] usb usb3-port1: unable to enumerate USB device [ 408.123433][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.175046][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.200358][ T5323] gspca_vc032x: reg_w err -110 [ 408.209214][ T5323] vc032x 2-1:0.0: probe with driver vc032x failed with error -110 [ 408.217292][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.233537][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.254874][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.278296][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.300156][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.319874][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 408.341623][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.385995][T10823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 408.446378][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.465290][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.476021][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.487809][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.498134][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.509391][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.519840][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.553121][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.567854][T10823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 408.580565][T10823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 408.604862][T10823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 408.634608][T10823] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.661687][T10823] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.672080][T10823] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.682978][T10823] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 408.924622][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 408.933116][ T5283] usb 1-1: USB disconnect, device number 31 [ 408.967103][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 408.987271][ T5283] usblp0: removed [ 409.077728][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 409.203618][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 409.539246][ T5283] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 409.694030][ T8] usb 2-1: USB disconnect, device number 53 [ 409.740511][ T5283] usb 3-1: Using ep0 maxpacket: 32 [ 409.770256][ T5283] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 409.815631][ T5283] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 409.855184][ T5283] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 409.864721][ T5283] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.880235][ T5283] usb 3-1: config 0 descriptor?? [ 409.897612][ T5283] hub 3-1:0.0: bad descriptor, ignoring hub [ 409.930920][ T5283] hub 3-1:0.0: probe with driver hub failed with error -5 [ 409.951470][ T5283] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 410.245402][ T8] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 410.452800][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 410.491222][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 410.506205][ T8] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 410.516523][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.534976][ T8] usb 2-1: Product: syz [ 410.543549][ T8] usb 2-1: Manufacturer: syz [ 410.548226][ T8] usb 2-1: SerialNumber: syz [ 410.574807][ T8] usb 2-1: config 0 descriptor?? [ 410.631565][ T8] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 410.646223][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.675485][ T8] em28xx 2-1:0.0: DVB interface 0 found: bulk [ 410.836308][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.841792][T11103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.932495][T11103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.050395][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.214103][ T35] bond0: (slave netdevsim0): Releasing backup interface [ 411.232893][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.510597][ T35] bridge_slave_1: left allmulticast mode [ 411.510626][ T35] bridge_slave_1: left promiscuous mode [ 411.510808][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.538040][ T35] bridge_slave_0: left allmulticast mode [ 411.538064][ T35] bridge_slave_0: left promiscuous mode [ 411.538220][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.584366][ T35] gretap1: left allmulticast mode [ 411.584394][ T35] gretap1: left promiscuous mode [ 411.584560][ T35] bridge4: port 1(gretap1) entered disabled state [ 411.588035][ T8] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 412.052843][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 412.065166][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 412.102012][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 412.126650][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 412.135564][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 412.144430][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 412.479662][ T5283] usb 3-1: USB disconnect, device number 34 [ 412.944380][ T8] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 412.975063][ T8] em28xx 2-1:0.0: board has no eeprom [ 413.109573][ T8] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 413.123622][ T8] em28xx 2-1:0.0: dvb set to bulk mode. [ 413.163255][ T5283] em28xx 2-1:0.0: Binding DVB extension [ 413.186327][ T8] usb 2-1: USB disconnect, device number 54 [ 413.207680][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.237366][ T8] em28xx 2-1:0.0: Disconnecting em28xx [ 413.261655][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.263280][ T5283] em28xx 2-1:0.0: Registering input extension [ 413.283934][ T8] em28xx 2-1:0.0: Closing input extension [ 413.286354][ T35] bond0 (unregistering): Released all slaves [ 413.328128][ T8] em28xx 2-1:0.0: Freeing device [ 413.388698][T11156] tipc: Started in network mode [ 413.413752][T11156] tipc: Node identity 3a1414aa, cluster identity 4711 [ 413.435390][T11156] tipc: Enabling of bearer rejected, failed to enable media [ 413.800203][T11166] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1068'. [ 413.842695][T11166] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1068'. [ 413.860217][T11169] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1069'. [ 413.896034][T11169] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1069'. [ 413.986890][ T35] hsr_slave_0: left promiscuous mode [ 414.009967][ T35] hsr_slave_1: left promiscuous mode [ 414.036964][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 414.060926][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.083450][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 414.093401][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.139948][ T35] veth1_macvtap: left promiscuous mode [ 414.146006][ T35] veth0_macvtap: left promiscuous mode [ 414.163804][ T35] veth1_vlan: left promiscuous mode [ 414.177045][ T35] veth0_vlan: left promiscuous mode [ 414.241772][ T54] Bluetooth: hci4: command tx timeout [ 414.525773][ T5240] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 414.539902][ T5240] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 414.548832][ T5240] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 414.566790][ T5240] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 414.585035][ T5240] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 414.592625][ T5240] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 414.903613][ T35] team0 (unregistering): Port device team_slave_1 removed [ 414.951276][ T35] team0 (unregistering): Port device team_slave_0 removed [ 415.642883][T11143] chnl_net:caif_netlink_parms(): no params data found [ 415.758389][T11199] FAULT_INJECTION: forcing a failure. [ 415.758389][T11199] name failslab, interval 1, probability 0, space 0, times 0 [ 415.785428][T11199] CPU: 1 UID: 0 PID: 11199 Comm: syz.1.1073 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 415.796322][T11199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 415.806407][T11199] Call Trace: [ 415.809700][T11199] [ 415.812646][T11199] dump_stack_lvl+0x241/0x360 [ 415.817347][T11199] ? __pfx_dump_stack_lvl+0x10/0x10 [ 415.822546][T11199] ? __pfx__printk+0x10/0x10 [ 415.827133][T11199] ? __pfx_lock_acquire+0x10/0x10 [ 415.832152][T11199] ? __pfx___might_resched+0x10/0x10 [ 415.837432][T11199] ? __pfx_lock_release+0x10/0x10 [ 415.842449][T11199] should_fail_ex+0x3b0/0x4e0 [ 415.847128][T11199] should_failslab+0xac/0x100 [ 415.851801][T11199] ? zswap_store+0x646/0x1620 [ 415.856466][T11199] kmem_cache_alloc_node_noprof+0x71/0x320 [ 415.862265][T11199] zswap_store+0x646/0x1620 [ 415.866768][T11199] ? __pfx_zswap_store+0x10/0x10 [ 415.871783][T11199] ? _raw_spin_unlock+0x28/0x50 [ 415.876625][T11199] ? folio_free_swap+0x514/0xbf0 [ 415.881566][T11199] swap_writepage+0x79/0x1a0 [ 415.886146][T11199] shrink_folio_list+0x35fe/0x8c90 [ 415.891288][T11199] ? __pfx_shrink_folio_list+0x10/0x10 [ 415.896741][T11199] ? validate_chain+0x11e/0x5900 [ 415.901666][T11199] ? __pfx_validate_chain+0x10/0x10 [ 415.906856][T11199] ? __pfx_validate_chain+0x10/0x10 [ 415.912046][T11199] ? __pfx_validate_chain+0x10/0x10 [ 415.917238][T11199] ? folio_prealloc+0x31/0x170 [ 415.922031][T11199] ? __pfx_validate_chain+0x10/0x10 [ 415.927218][T11199] ? __pfx_validate_chain+0x10/0x10 [ 415.932428][T11199] ? __lock_acquire+0x137a/0x2040 [ 415.937452][T11199] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 415.943169][T11199] reclaim_pages+0x918/0xc60 [ 415.947767][T11199] ? __pfx_reclaim_pages+0x10/0x10 [ 415.952992][T11199] ? madvise_cold_or_pageout_pte_range+0x213a/0x32a0 [ 415.959658][T11199] ? madvise_cold_or_pageout_pte_range+0x293b/0x32a0 [ 415.966322][T11199] ? __pfx_lock_release+0x10/0x10 [ 415.971343][T11199] ? folio_isolate_lru+0x754/0xee0 [ 415.976452][T11199] madvise_cold_or_pageout_pte_range+0x2964/0x32a0 [ 415.982960][T11199] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 415.989821][T11199] walk_pgd_range+0xba1/0x1810 [ 415.994603][T11199] ? __pfx_mt_find+0x10/0x10 [ 415.999190][T11199] ? __pfx_walk_pgd_range+0x10/0x10 [ 416.004392][T11199] __walk_page_range+0x132/0x720 [ 416.009324][T11199] ? find_vma+0xf9/0x170 [ 416.013568][T11199] ? __pfx_find_vma+0x10/0x10 [ 416.018254][T11199] ? process_vma_walk_lock+0x135/0x390 [ 416.023712][T11199] walk_page_range+0x58f/0x7c0 [ 416.028477][T11199] ? __pfx_walk_page_range+0x10/0x10 [ 416.033761][T11199] ? tlb_gather_mmu+0x24e/0x310 [ 416.038602][T11199] do_madvise+0x3384/0x4760 [ 416.043125][T11199] ? __pfx_do_madvise+0x10/0x10 [ 416.047965][T11199] ? __pfx_lock_release+0x10/0x10 [ 416.052986][T11199] ? kstrtouint_from_user+0x128/0x190 [ 416.058380][T11199] ? vfs_write+0x7c4/0xc90 [ 416.062790][T11199] ? __mutex_unlock_slowpath+0x21d/0x750 [ 416.068412][T11199] ? __pfx_vfs_write+0x10/0x10 [ 416.073170][T11199] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 416.079146][T11199] ? __fget_files+0x3f6/0x470 [ 416.083834][T11199] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 416.090156][T11199] ? do_syscall_64+0x100/0x230 [ 416.094938][T11199] __x64_sys_madvise+0xa6/0xc0 [ 416.099701][T11199] do_syscall_64+0xf3/0x230 [ 416.104195][T11199] ? clear_bhb_loop+0x35/0x90 [ 416.108864][T11199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.114753][T11199] RIP: 0033:0x7fd876779ef9 [ 416.119172][T11199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.138782][T11199] RSP: 002b:00007fd8774ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 416.147283][T11199] RAX: ffffffffffffffda RBX: 00007fd876915f80 RCX: 00007fd876779ef9 [ 416.155248][T11199] RDX: 0000000000000015 RSI: 000000000040001e RDI: 0000000020000000 [ 416.163211][T11199] RBP: 00007fd8774ce090 R08: 0000000000000000 R09: 0000000000000000 [ 416.171173][T11199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.179160][T11199] R13: 0000000000000000 R14: 00007fd876915f80 R15: 00007fd876a3fa28 [ 416.187134][T11199] [ 416.190278][ C1] vkms_vblank_simulate: vblank timer overrun [ 416.340622][ T54] Bluetooth: hci4: command tx timeout [ 416.709236][ T54] Bluetooth: hci1: command tx timeout [ 416.769471][ T5283] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 416.811457][T11143] bridge0: port 1(bridge_slave_0) entered blocking state [ 416.892702][T11143] bridge0: port 1(bridge_slave_0) entered disabled state [ 416.915539][T11143] bridge_slave_0: entered allmulticast mode [ 416.934650][T11143] bridge_slave_0: entered promiscuous mode [ 416.966504][ T5283] usb 3-1: Using ep0 maxpacket: 32 [ 416.972386][T11143] bridge0: port 2(bridge_slave_1) entered blocking state [ 416.985675][T11143] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.987687][ T5283] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 417.003465][T11143] bridge_slave_1: entered allmulticast mode [ 417.014977][T11143] bridge_slave_1: entered promiscuous mode [ 417.026092][T11188] chnl_net:caif_netlink_parms(): no params data found [ 417.067060][ T5283] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 417.101301][ T5283] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 417.115435][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.146730][ T5283] usb 3-1: Product: syz [ 417.159130][ T5283] usb 3-1: Manufacturer: syz [ 417.180795][ T5283] usb 3-1: SerialNumber: syz [ 417.353964][ T35] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.407933][T11143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 417.435392][ T5283] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 417.442458][T11143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 417.666889][ T35] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.693313][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 417.758965][T11143] team0: Port device team_slave_0 added [ 417.862118][T11235] input: syz0 as /devices/virtual/input/input53 [ 417.879385][ T35] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.931029][T11143] team0: Port device team_slave_1 added [ 418.086162][ T35] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 418.164948][T11188] bridge0: port 1(bridge_slave_0) entered blocking state [ 418.185344][T11188] bridge0: port 1(bridge_slave_0) entered disabled state [ 418.195508][T11188] bridge_slave_0: entered allmulticast mode [ 418.204847][T11188] bridge_slave_0: entered promiscuous mode [ 418.215483][T11188] bridge0: port 2(bridge_slave_1) entered blocking state [ 418.224714][T11188] bridge0: port 2(bridge_slave_1) entered disabled state [ 418.233341][T11188] bridge_slave_1: entered allmulticast mode [ 418.244789][T11188] bridge_slave_1: entered promiscuous mode [ 418.283529][T11143] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 418.290831][ T8] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 418.308974][T11143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.340563][T11143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 418.392264][T11143] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 418.399661][ T54] Bluetooth: hci4: command tx timeout [ 418.411835][T11143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 418.441476][T11143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 418.461284][T11188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 418.519124][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 418.526114][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.538970][T11188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 418.568014][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.614847][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 418.657143][ T8] usb 1-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00 [ 418.720163][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.753667][ T8] usb 1-1: config 0 descriptor?? [ 418.799409][ T54] Bluetooth: hci1: command tx timeout [ 418.849834][T11143] hsr_slave_0: entered promiscuous mode [ 418.865524][T11143] hsr_slave_1: entered promiscuous mode [ 418.926039][T11188] team0: Port device team_slave_0 added [ 419.006130][T11188] team0: Port device team_slave_1 added [ 419.184461][ T35] bridge_slave_1: left allmulticast mode [ 419.195007][T11243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.241328][T11243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.250375][ T35] bridge_slave_1: left promiscuous mode [ 419.277077][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.332249][ T8] belkin 0003:050D:3201.0017: item fetching failed at offset 5/7 [ 419.340380][ T35] bridge_slave_0: left allmulticast mode [ 419.347248][ T35] bridge_slave_0: left promiscuous mode [ 419.373977][ T8] belkin 0003:050D:3201.0017: parse failed [ 419.381615][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 419.410475][ T8] belkin 0003:050D:3201.0017: probe with driver belkin failed with error -22 [ 419.442742][ T5284] usb 3-1: USB disconnect, device number 35 [ 419.497506][ T5284] usblp0: removed [ 419.629645][ T8] usb 1-1: USB disconnect, device number 32 [ 419.744211][T11259] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1081'. [ 419.757034][T11259] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1081'. [ 420.106251][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 420.120247][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 420.134594][ T35] bond0 (unregistering): Released all slaves [ 420.169204][ T5284] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 420.271207][T11188] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 420.278268][T11188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.306487][ T29] audit: type=1326 audit(1724979460.488:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf0f79ef9 code=0x7ffc0000 [ 420.308248][T11188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 420.355734][ T29] audit: type=1326 audit(1724979460.518:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fadf0f79ef9 code=0x7ffc0000 [ 420.379908][ T29] audit: type=1326 audit(1724979460.528:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fadf0f78890 code=0x7ffc0000 [ 420.407968][ T29] audit: type=1326 audit(1724979460.528:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.414874][T11188] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 420.443195][ T29] audit: type=1326 audit(1724979460.528:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.466383][T11188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 420.494447][ T29] audit: type=1326 audit(1724979460.528:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.501670][ T54] Bluetooth: hci4: command tx timeout [ 420.518740][T11188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 420.522808][ T5284] usb 2-1: Using ep0 maxpacket: 32 [ 420.522990][ T29] audit: type=1326 audit(1724979460.528:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.523279][ T29] audit: type=1326 audit(1724979460.678:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.585115][ T5284] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 420.595011][ T5284] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 420.626439][ T5284] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 420.634593][ T29] audit: type=1326 audit(1724979460.798:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.635903][ T5284] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.669190][ T5323] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 420.685110][ T5284] usb 2-1: Product: syz [ 420.685134][ T5284] usb 2-1: Manufacturer: syz [ 420.685150][ T5284] usb 2-1: SerialNumber: syz [ 420.688482][ T29] audit: type=1326 audit(1724979460.868:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11268 comm="syz.0.1084" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fadf0f79afb code=0x7ffc0000 [ 420.812373][T11188] hsr_slave_0: entered promiscuous mode [ 420.825511][T11188] hsr_slave_1: entered promiscuous mode [ 420.835946][T11188] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 420.851824][T11188] Cannot create hsr debugfs directory [ 420.869225][ T54] Bluetooth: hci1: command tx timeout [ 420.894003][ T5323] usb 1-1: Using ep0 maxpacket: 16 [ 420.903706][ T5323] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 420.930260][ T5323] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 420.951127][ T5284] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 55 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 420.962631][ T5323] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 420.981314][ T5323] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 420.995513][ T5323] usb 1-1: config 0 descriptor?? [ 421.193594][ T35] hsr_slave_0: left promiscuous mode [ 421.200309][ T35] hsr_slave_1: left promiscuous mode [ 421.208397][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 421.219397][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 421.232360][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 421.250886][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 421.287748][ T35] veth1_macvtap: left promiscuous mode [ 421.293693][ T35] veth0_macvtap: left promiscuous mode [ 421.300239][ T35] veth1_vlan: left promiscuous mode [ 421.305644][ T35] veth0_vlan: left promiscuous mode [ 421.443982][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.456637][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.475594][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.505479][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.522269][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.544938][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.562824][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.571199][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.579444][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.586891][ T5323] microsoft 0003:045E:07DA.0018: unknown main item tag 0x0 [ 421.606503][ T5323] microsoft 0003:045E:07DA.0018: No inputs registered, leaving [ 421.628857][ T5323] microsoft 0003:045E:07DA.0018: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 421.641056][ T5323] microsoft 0003:045E:07DA.0018: no inputs found [ 421.647836][ T5323] microsoft 0003:045E:07DA.0018: could not initialize ff, continuing anyway [ 421.688978][ T5323] usb 1-1: USB disconnect, device number 33 [ 422.234507][ T35] team0 (unregistering): Port device team_slave_1 removed [ 422.328111][ T35] team0 (unregistering): Port device team_slave_0 removed [ 422.549341][ T5280] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 422.752197][ T5280] usb 1-1: Using ep0 maxpacket: 32 [ 422.787120][ T5280] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 422.802002][ T5280] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 422.814495][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.834710][ T5280] usb 1-1: config 0 descriptor?? [ 422.842550][ T5280] hub 1-1:0.0: bad descriptor, ignoring hub [ 422.858061][ T5280] hub 1-1:0.0: probe with driver hub failed with error -5 [ 422.867668][ T5280] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 422.954543][ T54] Bluetooth: hci1: command tx timeout [ 423.121665][ T8] usb 2-1: USB disconnect, device number 55 [ 423.134208][ T8] usblp0: removed [ 423.309429][ T5280] usb 3-1: new low-speed USB device number 36 using dummy_hcd [ 423.479187][ T5280] usb 3-1: device descriptor read/64, error -71 [ 423.705185][T11143] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 423.730862][T11143] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 423.749845][ T5280] usb 3-1: new low-speed USB device number 37 using dummy_hcd [ 423.767691][T11143] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 423.818150][T11143] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 423.919363][ T5280] usb 3-1: device descriptor read/64, error -71 [ 424.049642][ T5280] usb usb3-port1: attempt power cycle [ 424.067791][T11143] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.132732][T11143] 8021q: adding VLAN 0 to HW filter on device team0 [ 424.276636][ T1071] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.283852][ T1071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 424.308829][T11188] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 424.322980][T11188] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 424.342449][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 424.371081][T11188] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 424.396388][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.403557][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 424.418853][T11188] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 424.459438][ T5280] usb 3-1: new low-speed USB device number 38 using dummy_hcd [ 424.589912][ T5280] usb 3-1: device descriptor read/8, error -71 [ 424.597612][T11309] input: syz0 as /devices/virtual/input/input55 [ 424.818154][T11143] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 424.889969][ T5280] usb 3-1: new low-speed USB device number 39 using dummy_hcd [ 424.961244][ T5280] usb 3-1: device descriptor read/8, error -71 [ 424.987815][T11188] 8021q: adding VLAN 0 to HW filter on device bond0 [ 425.018860][T11143] veth0_vlan: entered promiscuous mode [ 425.043228][T11188] 8021q: adding VLAN 0 to HW filter on device team0 [ 425.102578][ T5280] usb usb3-port1: unable to enumerate USB device [ 425.166108][T11143] veth1_vlan: entered promiscuous mode [ 425.187634][ T1071] bridge0: port 1(bridge_slave_0) entered blocking state [ 425.194790][ T1071] bridge0: port 1(bridge_slave_0) entered forwarding state [ 425.263600][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 425.270733][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 425.364216][T11143] veth0_macvtap: entered promiscuous mode [ 425.396908][T11143] veth1_macvtap: entered promiscuous mode [ 425.469536][ T5280] usb 1-1: USB disconnect, device number 34 [ 425.546743][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.562738][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.576439][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.588776][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.603376][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.614514][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.625002][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 425.642713][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.659819][T11143] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 425.726816][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.745111][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.757420][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.769573][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.783794][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.795577][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.806091][T11143] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 425.817749][T11143] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 425.832574][T11143] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 425.853620][T11321] tipc: Started in network mode [ 425.881887][T11321] tipc: Node identity 00000000000001060000000000000001, cluster identity 4711 [ 425.895642][T11321] tipc: Enabling of bearer rejected, failed to enable media [ 425.942830][T11143] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.959260][T11143] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.973955][T11143] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 425.986394][T11143] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 426.187715][T11188] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 426.336814][ T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.386199][ T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.400744][T11333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1096'. [ 426.530166][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 426.578768][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.701269][T11188] veth0_vlan: entered promiscuous mode [ 426.842764][T11188] veth1_vlan: entered promiscuous mode [ 427.178680][T11188] veth0_macvtap: entered promiscuous mode [ 427.282932][T11188] veth1_macvtap: entered promiscuous mode [ 427.496917][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.548208][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.581892][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.600080][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.615665][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.627658][ T29] kauditd_printk_skb: 38 callbacks suppressed [ 427.627674][ T29] audit: type=1326 audit(1724979467.808:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd876779ef9 code=0x7ffc0000 [ 427.664357][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.676237][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.687770][ T29] audit: type=1326 audit(1724979467.848:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7fd876779ef9 code=0x7ffc0000 [ 427.721667][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.735481][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 427.746704][ T29] audit: type=1326 audit(1724979467.848:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd876779ef9 code=0x7ffc0000 [ 427.760519][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 427.772522][ T29] audit: type=1326 audit(1724979467.848:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd876779ef9 code=0x7ffc0000 [ 427.806309][ T29] audit: type=1326 audit(1724979467.848:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd876778890 code=0x7ffc0000 [ 427.847348][ T29] audit: type=1326 audit(1724979467.848:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd876779afb code=0x7ffc0000 [ 427.894807][T11188] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 427.909227][ T5241] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 427.918337][ T29] audit: type=1326 audit(1724979467.848:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd876779afb code=0x7ffc0000 [ 427.987466][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.019248][ T5284] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 428.042918][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.139195][ T5241] usb 3-1: Using ep0 maxpacket: 8 [ 428.151462][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.163309][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.174280][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.185076][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.195513][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.208383][ T5284] usb 2-1: config 0 has an invalid interface number: 182 but max is 0 [ 428.208400][ T29] audit: type=1326 audit(1724979467.898:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd876779afb code=0x7ffc0000 [ 428.255237][ T5241] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 428.259682][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.275198][ T5284] usb 2-1: config 0 has no interface number 0 [ 428.281600][T11188] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 428.292811][ T5284] usb 2-1: New USB device found, idVendor=eb1a, idProduct=e350, bcdDevice=f8.fa [ 428.292966][ T29] audit: type=1326 audit(1724979467.898:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd876779afb code=0x7ffc0000 [ 428.303035][T11188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 428.337283][ T5284] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.350093][T11188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 428.366586][ T5284] usb 2-1: config 0 descriptor?? [ 428.404872][ T5241] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.416859][T11188] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.427402][T11188] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.436476][ T29] audit: type=1326 audit(1724979468.028:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11361 comm="syz.1.1101" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd876779afb code=0x7ffc0000 [ 428.490729][T11188] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.500174][ T5241] usb 3-1: Product: syz [ 428.504688][ T5241] usb 3-1: Manufacturer: syz [ 428.506022][T11188] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 428.526323][ T5241] usb 3-1: SerialNumber: syz [ 428.578472][ T5241] usb 3-1: config 0 descriptor?? [ 428.723122][T11370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.755480][T11382] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1103'. [ 428.779276][T11370] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.790489][ T1071] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 428.808966][ T5241] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 428.849421][ T1071] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 428.923609][ T5284] usb 2-1: USB disconnect, device number 56 [ 428.949553][ T1071] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 428.958811][ T1071] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.026056][T11390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1105'. [ 429.204429][T11395] (unnamed net_device) (uninitialized): (slave veth0_to_bridge): Device is not bonding slave [ 429.251046][T11395] (unnamed net_device) (uninitialized): option active_slave: invalid value (veth0_to_bridge) [ 429.292959][T11399] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 429.475268][T11402] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 429.539875][ T5323] usb 1-1: new full-speed USB device number 35 using dummy_hcd [ 429.758296][ T5323] usb 1-1: New USB device found, idVendor=07ca, idProduct=b808, bcdDevice=db.2f [ 429.773383][ T5323] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.814610][ T5323] usb 1-1: Product: syz [ 429.831219][ T5323] usb 1-1: Manufacturer: syz [ 429.839500][ T5323] usb 1-1: SerialNumber: syz [ 429.866856][ T5323] usb 1-1: config 0 descriptor?? [ 430.097318][T11395] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.117453][T11395] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.136901][T11395] netlink: 198116 bytes leftover after parsing attributes in process `syz.0.1106'. [ 430.164611][T11395] TCP: TCP_TX_DELAY enabled [ 430.193002][T11395] netlink: 108 bytes leftover after parsing attributes in process `syz.0.1106'. [ 430.432591][ T5323] dvb-usb: found a 'AVerMedia AVerTV DVB-T Volar' in warm state. [ 430.493132][ T5323] dvb-usb: will use the device's hardware PID filter (table count: 32). [ 430.531864][ T5323] dvbdev: DVB: registering new adapter (AVerMedia AVerTV DVB-T Volar) [ 430.565712][ T5323] usb 1-1: media controller created [ 430.605865][ T5323] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 430.664367][ T5241] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 430.716114][ T5241] dvbdev: DVB: registering new adapter (Terratec H7) [ 430.769210][ T5241] usb 3-1: media controller created [ 430.812045][ T5323] DVB: Unable to find symbol dib7000p_attach() [ 430.831697][ T5323] dvb-usb: no frontend was attached by 'AVerMedia AVerTV DVB-T Volar' [ 430.873661][ T5241] usb read operation failed. (-71) [ 430.889522][ T5230] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 430.921606][ T5241] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5 [ 431.001329][ T5241] usb 3-1: USB disconnect, device number 40 [ 431.099719][ T5323] rc_core: IR keymap rc-dib0700-rc5 not found [ 431.116062][ T5230] usb 4-1: Using ep0 maxpacket: 32 [ 431.130770][ T5323] Registered IR keymap rc-empty [ 431.143612][ T5230] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 431.156955][ T5323] dvb-usb: could not initialize remote control. [ 431.178565][ T5230] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 431.192151][ T5323] dvb-usb: AVerMedia AVerTV DVB-T Volar successfully initialized and connected. [ 431.229273][ T5230] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 431.249353][ T5323] usb 1-1: USB disconnect, device number 35 [ 431.263425][ T5230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.304600][ T5230] usb 4-1: Product: syz [ 431.308850][ T5230] usb 4-1: Manufacturer: syz [ 431.344160][ T5230] usb 4-1: SerialNumber: syz [ 431.351679][ T5323] dvb-usb: AVerMedia AVerTV DVB-T Volar successfully deinitialized and disconnected. [ 431.600693][T11436] sctp: [Deprecated]: syz.3.1110 (pid 11436) Use of int in max_burst socket option deprecated. [ 431.600693][T11436] Use struct sctp_assoc_value instead [ 432.121326][ T5280] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 432.159175][ T5240] Bluetooth: hci5: command 0x0406 tx timeout [ 432.345174][T11465] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.1116'. [ 432.372738][T11465] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 432.390203][ T5280] usb 1-1: Using ep0 maxpacket: 8 [ 432.404075][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 432.447195][ T5280] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 432.494409][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.543389][ T5280] usb 1-1: config 0 descriptor?? [ 432.565931][ T5280] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 433.287399][ T5280] gspca_vc032x: reg_w err -110 [ 433.303482][ T5280] vc032x 1-1:0.0: probe with driver vc032x failed with error -110 [ 433.489192][ T5241] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 433.559250][ T46] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 433.621299][ T5280] usb 4-1: USB disconnect, device number 46 [ 433.689357][ T5241] usb 5-1: Using ep0 maxpacket: 32 [ 433.736112][ T5241] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 433.749730][ T5240] Bluetooth: hci1: command 0x0405 tx timeout [ 433.760855][ T5241] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 433.769705][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 433.790454][ T5241] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 433.817253][ T46] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 433.828206][ T46] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 433.846574][T11511] FAULT_INJECTION: forcing a failure. [ 433.846574][T11511] name failslab, interval 1, probability 0, space 0, times 0 [ 433.869313][T11511] CPU: 1 UID: 0 PID: 11511 Comm: syz.3.1124 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 433.875407][ T5241] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.880103][T11511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 433.880124][T11511] Call Trace: [ 433.880134][T11511] [ 433.880144][T11511] dump_stack_lvl+0x241/0x360 [ 433.880178][T11511] ? __pfx_dump_stack_lvl+0x10/0x10 [ 433.880203][T11511] ? __pfx__printk+0x10/0x10 [ 433.880229][T11511] ? fs_reclaim_acquire+0x93/0x140 [ 433.880253][T11511] ? __pfx___might_resched+0x10/0x10 [ 433.880280][T11511] should_fail_ex+0x3b0/0x4e0 [ 433.934048][T11511] ? tomoyo_encode+0x26f/0x540 [ 433.938826][T11511] should_failslab+0xac/0x100 [ 433.943517][T11511] ? tomoyo_encode+0x26f/0x540 [ 433.948265][T11511] __kmalloc_noprof+0xd8/0x400 [ 433.953018][T11511] tomoyo_encode+0x26f/0x540 [ 433.957598][T11511] tomoyo_realpath_from_path+0x59e/0x5e0 [ 433.963220][T11511] tomoyo_path_number_perm+0x23a/0x880 [ 433.968669][T11511] ? tomoyo_path_number_perm+0x208/0x880 [ 433.974287][T11511] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 433.980281][T11511] ? __fget_files+0x29/0x470 [ 433.984853][T11511] ? __fget_files+0x3f6/0x470 [ 433.989525][T11511] ? __fget_files+0x29/0x470 [ 433.994120][T11511] security_file_ioctl+0x75/0xb0 [ 433.999053][T11511] __se_sys_ioctl+0x47/0x170 [ 434.003644][T11511] do_syscall_64+0xf3/0x230 [ 434.008129][T11511] ? clear_bhb_loop+0x35/0x90 [ 434.012793][T11511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.018671][T11511] RIP: 0033:0x7fc0fad79ef9 [ 434.023070][T11511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.042666][T11511] RSP: 002b:00007fc0fba93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 434.051067][T11511] RAX: ffffffffffffffda RBX: 00007fc0faf15f80 RCX: 00007fc0fad79ef9 [ 434.059024][T11511] RDX: 0000000020000100 RSI: 0000000000004601 RDI: 0000000000000003 [ 434.066988][T11511] RBP: 00007fc0fba93090 R08: 0000000000000000 R09: 0000000000000000 [ 434.074942][T11511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.082896][T11511] R13: 0000000000000000 R14: 00007fc0faf15f80 R15: 00007fc0fb03fa28 [ 434.090866][T11511] [ 434.093988][ C1] vkms_vblank_simulate: vblank timer overrun [ 434.109397][T11489] netlink: 4096 bytes leftover after parsing attributes in process `syz.1.1121'. [ 434.118687][ T5241] usb 5-1: Product: syz [ 434.127461][ T5241] usb 5-1: Manufacturer: syz [ 434.127786][ T46] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 434.139865][T11489] openvswitch: netlink: ct_state flags 00000300 unsupported [ 434.151973][ T5241] usb 5-1: SerialNumber: syz [ 434.186687][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.189293][T11511] ERROR: Out of memory at tomoyo_realpath_from_path. [ 434.196319][ T46] usb 3-1: Product: syz [ 434.220617][ T46] usb 3-1: Manufacturer: syz [ 434.226717][ T46] usb 3-1: SerialNumber: syz [ 434.372485][ T5241] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 37 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 434.455707][ T46] usblp 3-1:1.0: usblp1: USB Unidirectional printer dev 41 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 435.063423][ T5283] usb 1-1: USB disconnect, device number 36 [ 435.569269][ T5283] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 435.870519][ T5283] usb 1-1: Using ep0 maxpacket: 32 [ 435.887944][ T5283] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 435.954265][T11556] syz.1.1129: vmalloc error: size 16781312, failed to allocated page array size 32776, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 436.028950][T11556] CPU: 1 UID: 0 PID: 11556 Comm: syz.1.1129 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 436.039749][T11556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 436.049821][T11556] Call Trace: [ 436.053112][T11556] [ 436.056057][T11556] dump_stack_lvl+0x241/0x360 [ 436.060730][T11556] ? __pfx_dump_stack_lvl+0x10/0x10 [ 436.066013][T11556] ? __pfx__printk+0x10/0x10 [ 436.070595][T11556] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 436.076999][T11556] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 436.083488][T11556] warn_alloc+0x278/0x410 [ 436.087825][T11556] ? __pfx_warn_alloc+0x10/0x10 [ 436.092704][T11556] ? xskq_create+0xb6/0x170 [ 436.097215][T11556] ? __get_vm_area_node+0x23d/0x270 [ 436.102406][T11556] __vmalloc_node_range_noprof+0x6a2/0x1400 [ 436.108322][T11556] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 436.114639][T11556] ? __kasan_kmalloc+0x98/0xb0 [ 436.119395][T11556] ? xskq_create+0x54/0x170 [ 436.123888][T11556] vmalloc_user_noprof+0x74/0x80 [ 436.128812][T11556] ? xskq_create+0xb6/0x170 [ 436.133305][T11556] xskq_create+0xb6/0x170 [ 436.137624][T11556] xsk_init_queue+0xa1/0x100 [ 436.142201][T11556] xsk_setsockopt+0x598/0x950 [ 436.146866][T11556] ? __pfx_xsk_setsockopt+0x10/0x10 [ 436.152119][T11556] ? __pfx_lock_acquire+0x10/0x10 [ 436.157148][T11556] ? aa_sock_opt_perm+0x79/0x120 [ 436.162074][T11556] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 436.167614][T11556] ? security_socket_setsockopt+0x87/0xb0 [ 436.173408][T11556] ? __pfx_xsk_setsockopt+0x10/0x10 [ 436.178596][T11556] do_sock_setsockopt+0x3af/0x720 [ 436.183610][T11556] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 436.189152][T11556] ? __fget_files+0x29/0x470 [ 436.193748][T11556] ? __fget_files+0x3f6/0x470 [ 436.198417][T11556] __sys_setsockopt+0x1ae/0x250 [ 436.203258][T11556] __x64_sys_setsockopt+0xb5/0xd0 [ 436.208276][T11556] do_syscall_64+0xf3/0x230 [ 436.212766][T11556] ? clear_bhb_loop+0x35/0x90 [ 436.217430][T11556] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.223308][T11556] RIP: 0033:0x7fd876779ef9 [ 436.227708][T11556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.247479][T11556] RSP: 002b:00007fd8774ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 436.255887][T11556] RAX: ffffffffffffffda RBX: 00007fd876915f80 RCX: 00007fd876779ef9 [ 436.263845][T11556] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003 [ 436.271801][T11556] RBP: 00007fd8767e793e R08: 0000000000000004 R09: 0000000000000000 [ 436.279757][T11556] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000 [ 436.287720][T11556] R13: 0000000000000000 R14: 00007fd876915f80 R15: 00007fd876a3fa28 [ 436.295694][T11556] [ 436.298760][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.345082][ T46] usb 5-1: USB disconnect, device number 37 [ 436.349192][T11556] Mem-Info: [ 436.356165][ T46] usblp0: removed [ 436.371591][T11556] active_anon:7496 inactive_anon:1 isolated_anon:0 [ 436.371591][T11556] active_file:12070 inactive_file:38368 isolated_file:0 [ 436.371591][T11556] unevictable:768 dirty:159 writeback:0 [ 436.371591][T11556] slab_reclaimable:9257 slab_unreclaimable:102812 [ 436.371591][T11556] mapped:26279 shmem:1244 pagetables:968 [ 436.371591][T11556] sec_pagetables:0 bounce:0 [ 436.371591][T11556] kernel_misc_reclaimable:0 [ 436.371591][T11556] free:1353859 free_pcp:2295 free_cma:0 [ 436.422126][ T5283] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 436.445087][ T5280] usb 3-1: USB disconnect, device number 41 [ 436.458679][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.468718][ T5280] usblp1: removed [ 436.483907][ T5283] usb 1-1: config 0 descriptor?? [ 436.498652][T11556] Node 0 active_anon:28184kB inactive_anon:4kB active_file:48228kB inactive_file:153392kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:103940kB dirty:636kB writeback:0kB shmem:3440kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:4096kB writeback_tmp:0kB kernel_stack:10240kB pagetables:3772kB sec_pagetables:0kB all_unreclaimable? no [ 436.544740][ T5283] hub 1-1:0.0: bad descriptor, ignoring hub [ 436.567577][ T5283] hub 1-1:0.0: probe with driver hub failed with error -5 [ 436.575213][T11556] Node 1 active_anon:0kB inactive_anon:0kB active_file:52kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 436.585845][ T5283] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 436.605470][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.687704][T11556] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 436.714841][ C1] vkms_vblank_simulate: vblank timer overrun [ 436.863689][T11577] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1133'. [ 436.878714][T11556] lowmem_reserve[]: 0 2561 2562 0 0 [ 436.899700][T11556] Node 0 DMA32 free:1466364kB boost:0kB min:35020kB low:43772kB high:52524kB reserved_highatomic:0KB active_anon:24324kB inactive_anon:4kB active_file:48228kB inactive_file:152072kB unevictable:1536kB writepending:636kB present:3129332kB managed:2651236kB mlocked:0kB bounce:0kB free_pcp:3692kB local_pcp:1016kB free_cma:0kB [ 436.935332][T11577] ------------[ cut here ]------------ [ 436.941173][T11577] WARNING: CPU: 1 PID: 11577 at kernel/kcov.c:871 kcov_remote_start+0x542/0x7d0 [ 436.950217][T11577] Modules linked in: [ 436.954132][T11577] CPU: 1 UID: 0 PID: 11577 Comm: syz.4.1133 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 436.964905][T11577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 436.975061][T11577] RIP: 0010:kcov_remote_start+0x542/0x7d0 [ 436.980824][T11577] Code: 4c 89 ff be 03 00 00 00 e8 cb 55 1e 03 e9 04 fb ff ff e8 51 40 25 0a 41 f7 c6 00 02 00 00 0f 84 f2 fa ff ff e9 7f fc ff ff 90 <0f> 0b 90 e8 76 5d 25 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40 [ 436.988753][T11556] lowmem_reserve[]: [ 437.000433][T11577] RSP: 0018:ffffc90004cc6bf0 EFLAGS: 00010002 [ 437.000493][T11577] RAX: 0000000080000200 RBX: ffff888022128000 RCX: 0000000000000002 [ 437.000509][T11577] RDX: dffffc0000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608500 [ 437.000526][T11577] RBP: 0000000000000000 R08: ffffffff937408af R09: 1ffffffff26e8115 [ 437.000540][T11577] R10: dffffc0000000000 R11: fffffbfff26e8116 R12: ffffffff819395d7 [ 437.000554][T11577] R13: ffff888067eda280 R14: 0000000000000246 R15: ffff8880b932d4c8 [ 437.000567][T11577] FS: 00007f9a524116c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 437.000584][T11577] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 437.000598][T11577] CR2: 00007f6c281a5ba8 CR3: 0000000026572000 CR4: 00000000003526f0 [ 437.000616][T11577] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 437.000630][T11577] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 437.000646][T11577] Call Trace: [ 437.000655][T11577] [ 437.000666][T11577] ? __warn+0x163/0x4e0 [ 437.000692][T11577] ? kcov_remote_start+0x542/0x7d0 [ 437.000724][T11577] ? report_bug+0x2b3/0x500 [ 437.000751][T11577] ? kcov_remote_start+0x542/0x7d0 [ 437.000778][T11577] ? handle_bug+0x3e/0x70 [ 437.119127][T11577] ? exc_invalid_op+0x1a/0x50 [ 437.123809][T11577] ? asm_exc_invalid_op+0x1a/0x20 [ 437.128829][T11577] ? kcov_remote_start+0x97/0x7d0 [ 437.133863][T11577] ? kcov_remote_start+0x542/0x7d0 [ 437.138972][T11577] ? mark_lock+0x9a/0x350 [ 437.143303][T11577] ieee80211_rx_list+0x799/0x3780 [ 437.148322][T11577] ? __lock_acquire+0x137a/0x2040 [ 437.153352][T11577] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 437.158818][T11577] ? __pfx_lock_acquire+0x10/0x10 [ 437.163840][T11577] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 437.169819][T11577] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 437.176148][T11577] ? ieee80211_rx_napi+0xd6/0x3c0 [ 437.181169][T11577] ieee80211_rx_napi+0x18a/0x3c0 [ 437.186117][T11577] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 437.192443][T11577] ? __local_bh_disable_ip+0x179/0x220 [ 437.197896][T11577] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 437.203440][T11577] ? skb_dequeue+0x113/0x150 [ 437.208029][T11577] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 437.214011][T11577] ? ieee80211_stop_device+0x2a/0xf0 [ 437.219299][T11577] ieee80211_stop_device+0x3f/0xf0 [ 437.224418][T11577] ieee80211_do_stop+0x1917/0x1f40 [ 437.229542][T11577] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 437.234998][T11577] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 437.241325][T11577] ? wiphy_work_cancel+0x1f0/0x3e0 [ 437.246434][T11577] ieee80211_stop+0x436/0x4a0 [ 437.251112][T11577] ? __pfx_ieee80211_stop+0x10/0x10 [ 437.256306][T11577] __dev_close_many+0x219/0x300 [ 437.261156][T11577] ? __pfx___dev_close_many+0x10/0x10 [ 437.266527][T11577] ? nl80211_del_interface+0xa3/0x140 [ 437.271913][T11577] ? __pfx_lock_release+0x10/0x10 [ 437.276961][T11577] dev_close_many+0x24e/0x4c0 [ 437.281652][T11577] ? __mutex_lock+0x2ef/0xd70 [ 437.286342][T11577] ? ref_tracker_alloc+0x332/0x490 [ 437.291463][T11577] ? __pfx_dev_close_many+0x10/0x10 [ 437.296664][T11577] ? __mutex_unlock_slowpath+0x21d/0x750 [ 437.302299][T11577] ? nl80211_pre_doit+0x59f/0x8b0 [ 437.307335][T11577] dev_close+0x1c0/0x2c0 [ 437.311584][T11577] ? __pfx_dev_close+0x10/0x10 [ 437.316362][T11577] ? __nla_parse+0x40/0x60 [ 437.320790][T11577] nl80211_del_interface+0xd5/0x140 [ 437.326006][T11577] genl_rcv_msg+0xb14/0xec0 [ 437.330518][T11577] ? mark_lock+0x9a/0x350 [ 437.334860][T11577] ? __pfx_genl_rcv_msg+0x10/0x10 [ 437.339997][T11577] ? __pfx_lock_acquire+0x10/0x10 [ 437.345192][T11577] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 437.350570][T11577] ? __pfx_nl80211_del_interface+0x10/0x10 [ 437.356372][T11577] ? __pfx_nl80211_post_doit+0x10/0x10 [ 437.361833][T11577] ? __pfx___might_resched+0x10/0x10 [ 437.367124][T11577] netlink_rcv_skb+0x1e3/0x430 [ 437.371890][T11577] ? __pfx_genl_rcv_msg+0x10/0x10 [ 437.376949][T11577] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 437.382248][T11577] ? __netlink_deliver_tap+0x77e/0x7c0 [ 437.387718][T11577] genl_rcv+0x28/0x40 [ 437.391693][T11577] netlink_unicast+0x7f6/0x990 [ 437.396486][T11577] ? __pfx_netlink_unicast+0x10/0x10 [ 437.401791][T11577] ? __virt_addr_valid+0x183/0x530 [ 437.406907][T11577] ? __check_object_size+0x49c/0x900 [ 437.412200][T11577] ? bpf_lsm_netlink_send+0x9/0x10 [ 437.417325][T11577] netlink_sendmsg+0x8e4/0xcb0 [ 437.422105][T11577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 437.427390][T11577] ? __import_iovec+0x536/0x820 [ 437.432323][T11577] ? aa_sock_msg_perm+0x91/0x160 [ 437.437260][T11577] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 437.442545][T11577] ? security_socket_sendmsg+0x87/0xb0 [ 437.448004][T11577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 437.453278][T11577] __sock_sendmsg+0x221/0x270 [ 437.457958][T11577] ____sys_sendmsg+0x525/0x7d0 [ 437.462729][T11577] ? __pfx_____sys_sendmsg+0x10/0x10 [ 437.468019][T11577] __sys_sendmsg+0x2b0/0x3a0 [ 437.472609][T11577] ? __pfx___sys_sendmsg+0x10/0x10 [ 437.477712][T11577] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 437.483726][T11577] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 437.490052][T11577] ? do_syscall_64+0x100/0x230 [ 437.494896][T11577] ? do_syscall_64+0xb6/0x230 [ 437.499567][T11577] do_syscall_64+0xf3/0x230 [ 437.504062][T11577] ? clear_bhb_loop+0x35/0x90 [ 437.508736][T11577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.514621][T11577] RIP: 0033:0x7f9a51579ef9 [ 437.519038][T11577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 437.538741][T11577] RSP: 002b:00007f9a52411038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 437.547155][T11577] RAX: ffffffffffffffda RBX: 00007f9a51716058 RCX: 00007f9a51579ef9 [ 437.555121][T11577] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000006 [ 437.563099][T11577] RBP: 00007f9a515e793e R08: 0000000000000000 R09: 0000000000000000 [ 437.571065][T11577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 437.579029][T11577] R13: 0000000000000000 R14: 00007f9a51716058 R15: 00007f9a5183fa28 [ 437.587016][T11577] [ 437.590032][T11577] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 437.597299][T11577] CPU: 1 UID: 0 PID: 11577 Comm: syz.4.1133 Not tainted 6.11.0-rc5-syzkaller-00081-gd5d547aa7b51 #0 [ 437.608138][T11577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 437.618186][T11577] Call Trace: [ 437.621457][T11577] [ 437.624381][T11577] dump_stack_lvl+0x241/0x360 [ 437.629067][T11577] ? __pfx_dump_stack_lvl+0x10/0x10 [ 437.634275][T11577] ? __pfx__printk+0x10/0x10 [ 437.638860][T11577] ? _printk+0xd5/0x120 [ 437.643019][T11577] ? vscnprintf+0x5d/0x90 [ 437.647344][T11577] panic+0x349/0x860 [ 437.651240][T11577] ? __warn+0x172/0x4e0 [ 437.655390][T11577] ? __pfx_panic+0x10/0x10 [ 437.659800][T11577] ? show_trace_log_lvl+0x4e6/0x520 [ 437.665012][T11577] __warn+0x346/0x4e0 [ 437.668986][T11577] ? kcov_remote_start+0x542/0x7d0 [ 437.674100][T11577] report_bug+0x2b3/0x500 [ 437.678425][T11577] ? kcov_remote_start+0x542/0x7d0 [ 437.683536][T11577] handle_bug+0x3e/0x70 [ 437.687686][T11577] exc_invalid_op+0x1a/0x50 [ 437.692635][T11577] asm_exc_invalid_op+0x1a/0x20 [ 437.697493][T11577] RIP: 0010:kcov_remote_start+0x542/0x7d0 [ 437.703221][T11577] Code: 4c 89 ff be 03 00 00 00 e8 cb 55 1e 03 e9 04 fb ff ff e8 51 40 25 0a 41 f7 c6 00 02 00 00 0f 84 f2 fa ff ff e9 7f fc ff ff 90 <0f> 0b 90 e8 76 5d 25 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40 [ 437.722834][T11577] RSP: 0018:ffffc90004cc6bf0 EFLAGS: 00010002 [ 437.728911][T11577] RAX: 0000000080000200 RBX: ffff888022128000 RCX: 0000000000000002 [ 437.736877][T11577] RDX: dffffc0000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c608500 [ 437.744874][T11577] RBP: 0000000000000000 R08: ffffffff937408af R09: 1ffffffff26e8115 [ 437.752844][T11577] R10: dffffc0000000000 R11: fffffbfff26e8116 R12: ffffffff819395d7 [ 437.760811][T11577] R13: ffff888067eda280 R14: 0000000000000246 R15: ffff8880b932d4c8 [ 437.768779][T11577] ? kcov_remote_start+0x97/0x7d0 [ 437.773823][T11577] ? mark_lock+0x9a/0x350 [ 437.778152][T11577] ieee80211_rx_list+0x799/0x3780 [ 437.783177][T11577] ? __lock_acquire+0x137a/0x2040 [ 437.788213][T11577] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 437.793678][T11577] ? __pfx_lock_acquire+0x10/0x10 [ 437.798699][T11577] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 437.804678][T11577] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 437.811007][T11577] ? ieee80211_rx_napi+0xd6/0x3c0 [ 437.816027][T11577] ieee80211_rx_napi+0x18a/0x3c0 [ 437.820963][T11577] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 437.827291][T11577] ? __local_bh_disable_ip+0x179/0x220 [ 437.833012][T11577] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 437.838478][T11577] ? skb_dequeue+0x113/0x150 [ 437.843071][T11577] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 437.849061][T11577] ? ieee80211_stop_device+0x2a/0xf0 [ 437.854352][T11577] ieee80211_stop_device+0x3f/0xf0 [ 437.859461][T11577] ieee80211_do_stop+0x1917/0x1f40 [ 437.864585][T11577] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 437.870052][T11577] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 437.876401][T11577] ? wiphy_work_cancel+0x1f0/0x3e0 [ 437.881600][T11577] ieee80211_stop+0x436/0x4a0 [ 437.886279][T11577] ? __pfx_ieee80211_stop+0x10/0x10 [ 437.891476][T11577] __dev_close_many+0x219/0x300 [ 437.896330][T11577] ? __pfx___dev_close_many+0x10/0x10 [ 437.901700][T11577] ? nl80211_del_interface+0xa3/0x140 [ 437.907071][T11577] ? __pfx_lock_release+0x10/0x10 [ 437.912100][T11577] dev_close_many+0x24e/0x4c0 [ 437.916862][T11577] ? __mutex_lock+0x2ef/0xd70 [ 437.921532][T11577] ? ref_tracker_alloc+0x332/0x490 [ 437.926644][T11577] ? __pfx_dev_close_many+0x10/0x10 [ 437.931850][T11577] ? __mutex_unlock_slowpath+0x21d/0x750 [ 437.937477][T11577] ? nl80211_pre_doit+0x59f/0x8b0 [ 437.942501][T11577] dev_close+0x1c0/0x2c0 [ 437.946743][T11577] ? __pfx_dev_close+0x10/0x10 [ 437.951500][T11577] ? __nla_parse+0x40/0x60 [ 437.955914][T11577] nl80211_del_interface+0xd5/0x140 [ 437.961122][T11577] genl_rcv_msg+0xb14/0xec0 [ 437.965709][T11577] ? mark_lock+0x9a/0x350 [ 437.970051][T11577] ? __pfx_genl_rcv_msg+0x10/0x10 [ 437.975087][T11577] ? __pfx_lock_acquire+0x10/0x10 [ 437.980106][T11577] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 437.985475][T11577] ? __pfx_nl80211_del_interface+0x10/0x10 [ 437.991272][T11577] ? __pfx_nl80211_post_doit+0x10/0x10 [ 437.996724][T11577] ? __pfx___might_resched+0x10/0x10 [ 438.002013][T11577] netlink_rcv_skb+0x1e3/0x430 [ 438.006778][T11577] ? __pfx_genl_rcv_msg+0x10/0x10 [ 438.011892][T11577] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 438.017188][T11577] ? __netlink_deliver_tap+0x77e/0x7c0 [ 438.022656][T11577] genl_rcv+0x28/0x40 [ 438.026631][T11577] netlink_unicast+0x7f6/0x990 [ 438.031399][T11577] ? __pfx_netlink_unicast+0x10/0x10 [ 438.036679][T11577] ? __virt_addr_valid+0x183/0x530 [ 438.041785][T11577] ? __check_object_size+0x49c/0x900 [ 438.047072][T11577] ? bpf_lsm_netlink_send+0x9/0x10 [ 438.052184][T11577] netlink_sendmsg+0x8e4/0xcb0 [ 438.056952][T11577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.062230][T11577] ? __import_iovec+0x536/0x820 [ 438.067071][T11577] ? aa_sock_msg_perm+0x91/0x160 [ 438.072003][T11577] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 438.077281][T11577] ? security_socket_sendmsg+0x87/0xb0 [ 438.082737][T11577] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.088052][T11577] __sock_sendmsg+0x221/0x270 [ 438.092731][T11577] ____sys_sendmsg+0x525/0x7d0 [ 438.097497][T11577] ? __pfx_____sys_sendmsg+0x10/0x10 [ 438.102811][T11577] __sys_sendmsg+0x2b0/0x3a0 [ 438.107394][T11577] ? __pfx___sys_sendmsg+0x10/0x10 [ 438.112758][T11577] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 438.118680][T11577] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 438.125090][T11577] ? do_syscall_64+0x100/0x230 [ 438.129851][T11577] ? do_syscall_64+0xb6/0x230 [ 438.134524][T11577] do_syscall_64+0xf3/0x230 [ 438.139016][T11577] ? clear_bhb_loop+0x35/0x90 [ 438.143702][T11577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.149591][T11577] RIP: 0033:0x7f9a51579ef9 [ 438.153999][T11577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.173597][T11577] RSP: 002b:00007f9a52411038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 438.182093][T11577] RAX: ffffffffffffffda RBX: 00007f9a51716058 RCX: 00007f9a51579ef9 [ 438.190063][T11577] RDX: 0000000000000000 RSI: 00000000200004c0 RDI: 0000000000000006 [ 438.198025][T11577] RBP: 00007f9a515e793e R08: 0000000000000000 R09: 0000000000000000 [ 438.205987][T11577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 438.213949][T11577] R13: 0000000000000000 R14: 00007f9a51716058 R15: 00007f9a5183fa28 [ 438.221930][T11577] [ 438.225176][T11577] Kernel Offset: disabled [ 438.229579][T11577] Rebooting in 86400 seconds..