last executing test programs: 13.397444921s ago: executing program 2 (id=597): openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)) syz_emit_ethernet(0x32, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000008004500002400000000002f9078ac141400e01200010000e5580401907800d8621b002c17a9"], 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) prctl$PR_SET_MM(0x41555856, 0xf7354000, &(0x7f0000ffa000/0x3000)=nil) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) landlock_create_ruleset(&(0x7f0000000040)={0x1000}, 0x10, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) socket(0x22, 0x80805, 0x5) r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_CROP(r3, 0x4014563c, &(0x7f000001f9c0)={0xa, {0x0, 0x200}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000300)={{0x0, 0x2, 0xfffffffe, 0x0, 0x1ff}}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000440)) close_range(r0, 0xffffffffffffffff, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) timer_create(0xfffffffd, 0x0, &(0x7f00000011c0)) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)) timer_delete(0x0) 13.22675981s ago: executing program 2 (id=599): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000140), 0x208e24b) r1 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) (fail_nth: 2) 12.469811273s ago: executing program 2 (id=600): socket$nl_route(0x10, 0x3, 0x0) io_uring_setup(0x2e34, &(0x7f0000000180)) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[0x0], &(0x7f0000000340), 0x0, 0x0, 0x1}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x4000041) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x982, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-avx\x00'}, 0x58) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r7, 0xae9a) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="40000000100039040000000000000000000003e4", @ANYBLOB="e9ff"], 0x40}}, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r7, 0xae80, 0x0) 11.843941375s ago: executing program 2 (id=605): openat$capi20(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000003bc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000001640)=[0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000003d40), 0x2, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80a01) ioctl$USBDEVFS_IOCTL(r2, 0xc0105500, &(0x7f0000000180)=@usbdevfs_driver={0x0, 0x0, 0x0}) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000), 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000000c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58) r4 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040), 0x10) sendmsg$nl_route(r4, 0x0, 0x0) r5 = accept4(r3, 0x0, 0x0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000100)={0x2}, 0x10) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000000a0000000000000000000000af00fcc5dee65867000000000003000000000000"], 0x24}}, 0x0) mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2) mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0xaaba8c, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x24000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) recvmsg$can_j1939(r5, &(0x7f0000000240)={&(0x7f0000000040)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, 0x0}, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r8, &(0x7f0000000280)=ANY=[@ANYRES16=r1, @ANYRES32, @ANYRES8=r7, @ANYRES32=r2], 0xfffffecc) 10.904033201s ago: executing program 2 (id=612): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) syz_emit_vhci(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r2 = landlock_create_ruleset(&(0x7f0000000040)={0x80}, 0x10, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) landlock_restrict_self(r3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet6(0xa, 0x806, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r4, 0x3) r5 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r5, &(0x7f0000772000)={0x2, 0x4e23}, 0x10) r6 = accept4(r4, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r6) recvmmsg(r5, &(0x7f0000000380)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000440)=""/117, 0x75}], 0x1}}], 0x1, 0x20, 0x0) r7 = syz_pidfd_open(r0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100006ceb85409c240290ad06ba153fde0000000109021200010000000009040000009604c34422b71d2484deddef958a307fc3dfb51aa3356ff39043ea0bd7fa701afaa8061cd6904b546ef8871a88b358a00d43f4be64f9bddc423ef30bc91e431e5a9daf456eb4e7446fa1ea5c7f80df9566e348f480647c6f807a31151f1eb69c1f89a24cfe342bee23392af23bf4994452e62dba6883afd45498d5d6acb4fcf99560477a727e74cbf4868fd19709cc919aeb0dd0ed6ffc607e3c0121b9b1c2f468c4957ab1202c9d132327c6e1716db46fbb10dff1405231d6bc80c22399a74f8cef85f10d52a6e8d3516ec4"], 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000000)={0x34, r9, 0x301, 0x0, 0x0, {0x34}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}}, 0x0) process_mrelease(r7, 0x0) 10.627974177s ago: executing program 2 (id=615): socket$nl_route(0x10, 0x3, 0x0) io_uring_setup(0x2e34, &(0x7f0000000180)) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[0x0], &(0x7f0000000340), 0x0, 0x0, 0x1}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_DROP_MASTER(r2, 0x641f) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40010}, 0x4000041) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x982, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-avx\x00'}, 0x58) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r7, 0xae9a) preadv2(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000440)=""/237, 0xed}], 0x2, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="40000000100039040000000000000000000003e4", @ANYBLOB="e9ff"], 0x40}}, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000002c0)) ioctl$KVM_RUN(r7, 0xae80, 0x0) 7.625974182s ago: executing program 3 (id=628): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = memfd_create(&(0x7f00000001c0)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x84\xcdN\xf7\xf6\b~\xed_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xadNaC\xa6\xf9\xa7>c\x84\xd8\xfa\xf1\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8g8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xd8\x12\x8cXc5%\x03\x8d`\xdayC\x9b\x9a\xd9c\xe9\xb4\v\x99\x87\xe4\x00\x8a\x8eS\x8e\f\x05ZH\xa2\x0e\xbc\x9c\x95\b2Cf6\x9a\xe7\xb9\x86\xbe\xd0\xda\x91\xc1sl\x11PA\x93\xa5\x93\xc8\xf1w\x7fp6z\xbf\xe8[\'u\xb8\xd2$K\x12\rt\x87\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00r\xe2`\xdf\xd2\xb3\xaf\xe9\xc4!Z\xb4&\xa2\x12\xe2i\x91kC$A\xafR\xb3\xff\x1d=\xec\x10\xb4+\x13\'\x92>\x14\x00\a\xb6R\x8b\xdcz\xc3\xd1Y\xd6\xd9;s \xb0\x938\xb7D9\xdcN\xbd\xdbn\xe35\xa7\x02\x9c\xc1\xd9\x13?\xc9\xd7\xab\x9c\xf3\x82\xd1\xee^kk\xce\xdbn\x02\x1f\x80\t\xdbr\xa9\xcc\xf1\xcb\x9f@\x8c\xfc\x02W/p\x97\xb0\xbd\x8f\xdb|n2a\xee\x95u\x83\xca\x8a>}\xd3\xd0\xff6.pa\x17\xe3e\xd2\x7f\xf6\xbc\x9d\x112\x1b\x14p\xa1\xd6u\xefn\xb4\xa3\x05D\x8c\xc5l\xcc\b\xeb\xf42\xe9\xf15\xf3\xf2\xee\xd6\xed\t\xb3\xf7\x1a\x7f\xe6\xb4z\x19\xe1\xb4w\xf7\xa6\xd7\\\xfa\x96\xe2\xf9\xb1\x81\xba\xdfg\xadI\x1c\xde*_\xd5\xdf\xeeA\xcd \x91\xc9\xd4\xd1\xcd*.t\x80]', 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f00000002c0)=ANY=[], 0x118) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x810, r1, 0xf78e6000) r3 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(r3, 0x11b, 0x1, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000280)='./file0\x00', 0x0) syz_clone3(&(0x7f00000012c0)={0x280000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000280)=""/4096, 0x0}, 0x58) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) flock(r5, 0x2) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x200) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0xffffffff) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r8 = open(&(0x7f0000000180)='.\x00', 0x0, 0x8) flock(r8, 0x2) open(&(0x7f0000000300)='.\x00', 0x0, 0x0) flock(r8, 0x4) r9 = open(&(0x7f0000000300)='.\x00', 0x240200, 0x0) flock(r9, 0x1) r10 = open(&(0x7f0000001280)='./file0\x00', 0x0, 0x0) flock(r10, 0x1) close_range(r4, 0xffffffffffffffff, 0x0) r11 = socket$packet(0x11, 0x3, 0x300) sendto(r11, &(0x7f0000000040)="60dcb8c0ccf9d1f13e280365babe32aa1a812817f784366dc8aa2b433c492102968db0ee93ddb6f5", 0x28, 0x0, &(0x7f0000000080)=@l2={0x1f, 0x9, @any, 0x10, 0x2}, 0x80) setsockopt$inet6_buf(r0, 0x29, 0x2a, &(0x7f0000000140)="4345be9d", 0x4) 7.235519283s ago: executing program 3 (id=629): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="4800000010000305000005000000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b0001006d616373656300001800028005000300100000000c0004000400000100c280"], 0x48}}, 0x0) 5.883421488s ago: executing program 4 (id=633): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xf, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0x2, 0x10, 0x1b, 0x200, 0xffffffffffffffff, 0xffffffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x0, 0x4}, 0x48) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000140)="3751f02b82f73ccfc7c431617753f5732f", 0x11}], 0x1) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000040)) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000000c0)=0xffff) ioctl$KVM_RUN(r3, 0xae80, 0x0) 5.708049873s ago: executing program 3 (id=634): r0 = socket$key(0xf, 0x3, 0x2) r1 = memfd_secret(0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r1, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0xd8, r2, 0x100, 0x70bd28, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0xe0b56de6982e9daa}}, {@pci={{0x8}, {0x11}}, {0x8, 0x8e, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x8e, 0x3}}]}, 0xd8}, 0x1, 0x0, 0x0, 0x40}, 0x10) sendmsg$key(r0, &(0x7f0000000000)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYRESDEC=r0], 0x78}, 0x1, 0x7}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x5, 0x0, 0x9, 0x2, 0x0, 0x0, 0x25dfdbff}, 0x10}}, 0x0) 5.456922994s ago: executing program 3 (id=637): syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f0000004140)="a1af56567af19ce4706948d30f35abf6494690656d554e6190797369db23a30bf328aa47a2e54509379ba2e477e6e0461d2e45920d509fa49de04732cd2f4a4e34d73eb464d09605a698ad2219a2175ebcc560f740fe531ba46ded4232d273d1865282844f5a3b54d7f154c21a8a82228e27b2c1af662a92e53d81cae3ea68707ce43f89c3321797039a0a39e24b83035dbfb1ac9668b5f87c4ae50250e92c8b113ed58f60015d9c1990253e6646c02901b08a2ec0acceb7ac1e28f59b1e22663432bd5435083b604934bda5f4897467677ac5609bb6e1d1f938a1a8238d2df6db69fcffa48a08ef9231830ceb045a999a9ba43b4d605ce7bb4736ee8bdaac3399576ad3d434c12f1ae8fc5e06dbbfac985d7105c3b7f431854465b6f732e1397e4647e88e86b0a3b01c1ef689a4bd3963deb3b06190576c690ab257b9845b4d412f248184e124b5228f4236d020d4b80ff0772d9515685918c41cad06498a6833d591c191916067759bfeceec176d582621bf23b8d827e2c8977822d64ca19c168fa8a4ea90a60ed60854342e7c42ce11f414dcff1fff715d10ed263d305e5c563ee13a1527795b012e01b8442026032a761cf5104f00dc28a761596d8393e3750be1a8788fa7152a3cd8e051a963120467df86251e7adff7b95b6d17af9bd3e659bbaac6406a70ba347641aeffac9436fc2352bf7822dabd7a4911a5b947f9c07f805e67ec8c7d787ff358b426494b87aaac46c2d4061ccf3d19201d8d099dddf2b257cacbba656cb7626b0d3fa11881e99799b92f0a07813eac359a64a61a03d6527a24a4fee8e6cbd74932adba5ad3a865788e874b796cc8555522b19f76676646f21f31fad8c360982ce2b23fd4aec43bff16e0f3f1e1e804daf28f236081d0686108fde25f7e6a7bef08b793beca5b21b5f4893543ef1e3a216378cb76a54fa879ad9624a60a0b3306c8548e1a22b735213969421dc9ef70338bb7f2ad55adfb6b4f4ca3d8ce7c697ce3f0a6210a27cc900ea2218c52ac06bbcbb91adff643f1a3b93db67d7902f23eb89ab2f892970551127b39e7bb9f37c62adb8abed20c8c84531d143c6be2b8b05766e248a94aae400b36a3399ba1748f77d68d7d7e44ffe14ffd354f508ce30ea991f57018a3534e0eac9cb49d0e6085f93b367d817ee83b24c11f9d38044a9739f4fd41b6a8129fda808bb9301cba6223dfe154b23d7c39ac4fb6656169275c31e15d37d3d96b0aaa13637f1c28178f5fc4ebbe1af6acc985c783a30dffde8d7eb0c8863e3481caf2606a4b6930c234736404d4eeefdda697193f57d332540a423831db671d7d3e8e15ef3d6a26b83a5053bdc2f0b378c6b39ad0b8b9c7bd5c4bf81018ce15d0b344772f6c6f469e40c9848cbcb1b3ccb721b4b1f895a6e034380d882bd30a20f1c2b8ae138e6728306e16f6093774d21b798cd73a16bc577be751deb434ef019dd454fa3ce3cc3b2634ea4957548bf226d0b24bce757382c639dae891e55dcb24ffc9dc2c08acfafabd4565dbcad34e1a8e781c56e9144f0e85a5cf6c79a5d1a8b3479cdc178215f05081eebdc03607798c66fd043824756e896c2b69fe5e843e0eb26c86a37a8944e93a7f3b2a863136d56579d0377f9424cf00dd6da7b19066f990ce05e1b93479f125cbcc5c91aea56ef04950164079f5e22ebfd77d54676b2de392ab20298876bce1ae9941ae109d7088edb29d02539aec8f276b862bb28fa6a68bb1a0bda1b0ec6e5891e93777d9b126d6add7eb36a7f75c435618d368c04156f8a116d0c843ad04842d7b7c84cd87e75fb81ec16ef184fd3119c16c950b84bca9a12a86f0e333d9fe34622f5a51e9772dc8b94c491e16db0c537e211b01c9f13f9e7a7b2f4d8053baded5d6018561b547562efbeac75fd7f520da7aea0f63a278052925c6c88307bed0336c5632ca98086e7712af309f99a6adb3ec4417eaa9aefe3fd43c4402bc13868832d6dfaa97de7ed43fe3711917de97058d60067d5eeb90ecb428182d07092c516e6eef6781756e308926faa9796dd1a29dd4c3827115fa8e14bbe449f4144785b9581a198273adb8bab0d4080adbb592b25fd74d426233f537562a4a98b07f4b2060b4f496c66a0169391b713fdd991fa90cfc313245f57900d980adcbd46ada0a7bdfdfec4bf8ba12e37724c9dfd7fbbe4541bf21cc393249a555746268e7e33bdb43f2cd4932e39fc818e49d0e588d12a3a297be074ad83db57be9d4455ab0685b087e8ee9f5c7c33e10c9d6be572b58c88b79756c45eb9eed6d0275944d9cc1cbc8c498917aa2fd79c00567d4f9f768579f891e23fa9548c5fbff150d2873ecc72da8d0077a223f9d18700b690d8046783bba756a2c9863b7ffc7022b2da68a332f72f704bc38a0fcc4f445891f1ca1ef5dad28b87ce8bdef23ffe29ee23f2c0a002c80cf99399dc7276aec6f9d8b6ff3d7554409a4e38d2029a43f8a70da62b33c44f5f4f299eec825302c52e5f83d462b81512775107059826c8880578f01d8cbd3af86ad61a7e36c2ccdf55ce197ec2a78219a5b952a9bd12ac2cc3271e84e6dad464c7ec9d9f0310614200a98cfa933d5db05c00c95c59fc5bb8844ff856ee7f9b091700b1a93ae1c00a40d9e5e6ce036f90a6dc34faa9dc8e8972c49b055f9a43ae10251705a960f2cfc8430cf9bcafc26c8eccc8b75a788beb41d180d4364f3083f3ffb5e39049979903c76f440810b7ea608ff84f5e56f9e0653bf15b6b6332d458f8d2e2b17d7bd2305a8909996d2ebfc2ee2ff697fccb215bd8c73d4b9f5b597308f98ed8fbda58f52cf8443f5a9db7f0f6e75e1c9e47d73f8d0624e9e6f33c2dee3c6ff394082d78ffd3a68309b3085e1a7c106f62c3959a353672cadadf6c058fe366b03fcd95a23f564c55a3ce9a914c11c8b2d6040147a1539b106adecce531646fea4db06775fe5d1bf9cb0107941b620043ac9b7936b2af9849eca9c46062945b137dfa355a7ee0c81a0193fa60a70e59b407af06a7f181a3e4ccc81f2c580a6c6cf67a8bf93eb8ff2151b7074144bf7c5cff97814e0c00c138d984559ac8b95a45a4497174130bbb0db22fa53187db1d923d9ded441a4d2fcbe0ff5736ecc3d94bfbb2df632ac88a02f2c9f73312e7a9c2d8d6c0bbfc774595e2e63669f2b5bbf6ee6a1ab0c25e3135ed819b02c785494eda4cace033e96b1ecc5b155a14e0c8d51d54d8bf33e499d0913d9605a419bc6c73c6bb07d1a306adb279fedbe81a386fb3bb659764442c4d9d66673a916ee5a6ae59abc994fff64f2db0c83e2b18944f619cfdea0ea0911064ab690b2e03670a3e3667651c1980d0491a40312307e4534671c9c8ca8712506eff211577783c81dc05ffae4a9c6d7554f9fec07b25451c70e6f4d4b160544b66d66dd88ef1c77f09133db317c39fca05b68ef3eee3c28cbe31982adb0693fe9699d06654150346915ccdb17c69ea3aa8bb36b5f321060f6237dec73a011b233b81a6337bd77da5da753593fe30282456a0da2c4a18911ab5a8af13c8f623e5684f74f322ba103482d9abec31a684707671759ac8bb2592d66350745f77f18bd6a6cba542644f1fdf0dca14a08f4ffd1365969ee896cb39e845f71590eb4c73cc624cdcfbdea2352ad5173e5e919fcb98f6d960341047d181075ec8b1e92f40ecd5a1bf157925329748cc7af0239a7803a0c947479e070b026baf6738c29c9a8351685abd43775726ec0bfeff4d51fd3fcb04b108de286c5f61a82ef496e20133ef8b4ae243e81b20822ea6285c70bf1a33cb9f4ceeec053f60992c0023bd5acb0d4a9a55ef377f2837784ada634070a85b0a42fabf288130d6b74ca23473fbce932bedb44cd51dae78efd058dde5d7eb4aadfe3dd8346420567e745ced5189db6df22edbc66580a236f6ab148a3efd69bdea3dac7cffb47df44dbef7fcb436902bb30d65d65d5320c3b76ac17f43d27b2deda8692ba03ac2ae60e4ed2a9232c71a98b9869259a410b901f38cd6712f69f2dc3f92b7c5909f3595e99c9fc77d4d33f9a0e57d5f121e2de782b22cf7fb9bf22fc6afde5e42876ff8005f8a042bb5a9b67d60f40a7ad1cd73810a4f704f14823d4074e5a32b028c8360432b8aff539705961fee84d6c60b2b4d2efad60fb20c1da653869349b81e6c3d56c96ce56a833ee9a2b3e92a4b96c5a545910406751b4e7da24a328de0e20042d1ecc3bf7fd97071bb2740f497307501d90fa9c8e5cd63a703096955f4934d9140ad295cae59232cf005574d875e098637ecb757305a51d102ae5323b23a61c1a1b888c5974a243e42bfc391114ba5ba28e2375cf1d6d1a63e6bd5cf9aff9af16bdc927f642151597fe6d18ab008426f25054ee8e39136e2c217ad1f4cbfccdaf9a0cbd97edef5fef9b2ec486a4b21d79021103deec2ceb26c0b0035856ea2370aa3a8de925797722aeeee2d504184988f9f8727915c389f043c3de2b0d8e3046c46b33cb1615f291f272ade0029cad1f1d2e723e62cf739b667b005de14c3ed265e3bc2d553bb232f88b92a8284996c50e141608623ca7677a9cefb85fb0e0e77e23b9767dd65fbc119a15969ecd10f8033d9f37a748a895fd39390563f577998bb10eda8610855eaeb2499d8234975edb16c438069e8701bec0a86ae108a19b9f54782648af4b7b04a1d7b6b3a853c24f2393120918d1eed7b40f467c88857ee9cddf5f01db495f3138984387adfe3cf51a47dca021f9f31b44af1d12e7c9f4c768f2a46d5c012a937985f56436ae15528ae3597590c927be9676a4ca80a19d44457b06991c02488c96e31094cd963b64e8623fc7000009ddb29b0dbb13671c321d24e322a05cf215dd04eabc2cc6fdaed762d3f9da0f1e0e4b7ba13a6036771c9403457dfddecb71579de33c597860a2e49d7b5052a6b018ddb409a7a84f8f6651d070a4c913b7a721490c8f97c085de8315019952deae16434a3e5fd5d242b1b333d8a801aaa67e4aa599b818c8e747ecac2e9c6176bec7e34ecb84450903f5aa6c6c6bf539b240506562d73c5dfbacdfbcc9db3089701f2c7fe6d6b8d6728f8a1b90a911338463e6fd824ecda51578865b3c363b4b79f6c698e27760c1090f8ae52d6fd3f0f9488f1c25feab4b48c03ddcf74a8b6d2b0fc6b5a89b8051c99edee357fcb875f523f7a88a5f25222fc0ba159873b47fe906e88f920943e453048cdea455dd98fe77f55d9c92e205b87120ac5ef791cd7d6ce7d2cfe689db61096c6e4fc359c9aa4dd3d1205358da38882073ef7268239f7c74b0f3cd60ca239b2fcdc3f5c774559ffbb2b821f1314987d8cbe5342db9567a864d569abfde85f1124e2b178be4d020c4244ddb0cf4ef7124f295a81b9c10227ea886e6f6ea2dca031a026a4f946f49598b76141a0b18170bb3cfa9135db44f2f09c412b823db1e65553aa03bec9b0a35c31eb4e6b0dab02ec2c2d851a731be9cec6078456631c68761e14dbc9afa2c3f631a160ebf9d1fd3c2ecccf6d4aebaf0fafe2e9f47ea9d386425a7950671cde77c6951ef43a1ed32f0ed6fcda74ca9333d2513e4a40cfca01a1773bc13b0229e2b16400880d96e4c687fc54ed0b34326126f845bd7cd2063c51abbf8bb61f6f1dc3606959f2dececc6e3e08d808841c4779ca0f5f51e7e03260d0b75b1b0355f8544c1639b2f0bfd6f95c4f6d151073a086ecc890d6366acbcee869020cf347e700a8361bd8d5c53e6480526aaf31c9c655eae11831184746a709387e60d68c062e5e05e578d11687f6a5411ffac4cfd62331f63a9726ae77c5799bcca05d6983c985cd23d025e3367ef8c7ee903de557322f38629628ee3076ac483f8257c6335a478412cad1d73b6fd43c37a62dd7a0ae7601f12b4478c3f2ee105a915ff2052d23a8b9af3ca59013f553006259d4cce52212862d22c08c29affa3520b33a6b68cf2b9f91d9258dc5052bf360977ba81a37701118f635379d852b6481843604c111bcfa4970afd5a0fa52824cb27ac9a77b7575e3e0cd043c29c5682a47fe94fd6c2c225b6d9939b99c18b5fb898c5f28e87a5b6a0bbeaa2c4725cf5494765d79a50d2417e84130bb37f540e8db7064e57935ec3c6f9caa2a9a1ced0f8c6eebcb9b688490b31f864dcd9b726628218b42f45aa82f2bcdf2c7532c9669ea7ffb6842451ac314a35cdb0855312448c24efd6583a582e15ad5e7f7b714f0ac703a24e2ee8769a868079af8660931ba325ea1c9b636ef7b13776204dd733c3bc69f11e026c382ac0fa5ce8413fb9f84408e4648a5e66b8592093a17a42cb105b616b8239d2031200eecb9beca6d411a71f072fd159eac0a4f4392a0cedb96248dad497b2379f3162254045ce276503093e5e7ab062b942cf6f2302a5ab9af1b3a315ec67faf84b70fdbdb39044a22cd7bd0f62ba66ce2257f3aa0f56d53c8157c4db3297087e25ec24696813430f386f5ad55bf6289f62e1492dc6ac3bb5047e933d54ec338cafb3bfae8336215611bc3e8a5cafaca7c70f580570518a675cc2075c7593e1d98ef02b74f06b041b6ed9b06e820d32b413de06235441a52346c3fd2e723816c7b481fbf564a525646ba62c615060b2f9fb0ff0f00c376c6dfcdb060aca7af2f07f6030a2ca324c8380c11f9c1182acdea2123c52f5a40b44909180a14037c760c4ecc10f20206445aa65cf835f09633491f608598f1fe5cb5175ddc48070fe0608335af27ded864f97dd52c235b7c4ece6bda153224b773c64235c1099054a55849cd1af7832abd1383e82f63715c9cc24543397bd56e34fd5d28e49021bb483617a3444fdcf8cdeb33bd8675334a897e17966fcbc1e5c5c5399bb6bf02a9bbfaa5f3c58d2efd007dcb1190af4ab4b71987ff7824bd9b9c6d6fb0b144c1fd462805aabf2c7fbb043ff22b496e41a4a81957892efe74d614d62d4b04bbf544fb03826e9baa2a84f32da4d1154c1d0fbdcc17f24a49633761d2b5962e618d8a9be2bf373cdc9c45ecff0148f355075fde5ad5e8da5d59498eb2b7f77a4c0622edd29d7dfedd748b750d0b48057fa7b8ff575714a408a926f6e0cad081eb24780fdbb116fb8dfefb2006f765ff95fe4def6b83fa97b3f54204a0c00cf71c4a1efeface1198a94610570816d08c19af76b03afa42f722abbfebb2c99a905300918dbcd131fce84632bf4f7f5dabd1b5b05742755b45e50eb89ee278e0f6f1a8ad3d9f907b9accbe4845f6591f8361b52e4dd8f19823efd7e89c2ba80c70671eea397e1953daa12907ce59d940a6dcfb3eef7ba7405bb489c38319ac4fee62dec986f6eb9e2fb032b5c99bdbca90c42e7f3b1928154af66de5e54b16d8b6541f55daa90812ea7dab78a87d969e4bf95c47f70ce84f9e41e542bbb91f77105c8314e8bd5d8d37e11d9af07c5dcedfab1f21642bb30fb332f7c6bfe13cde2f28f104344777066afe5b0f6db14390f587e64417b0dab027cef4c5daedc75812a7452d45e57e8e274ad8cd8a10b2b9ce0f371809101e9340f2fa0a59501020e48f862572fef70b350938e00a921fb1c080e933eaad2d56daeed692e7d69d4b95a2d1a620da88247314bd73a20cc7a504427df77ba969b5adbf74321e982c2a1913b66a8687960c8fb71a850c1003c76fe1c3bbbc8eb142dfa01f5df52b72bde0c8884374f72eeb8038ad57beb6c732c511bd5847ae8d4b69e195f87b03379279936dda69e11cfda279f37e53a05cb787f118d66f62a87037981937d6083e47e31de6a2700cb7976c0dfcf972bdd458e561f13b3e30368c8bacb722611db7627ad4e00a34f69a5eb9edc7eae464b2422a4c38bed04c49b15fce25ccd22347720273127236d6e8178cb414d1b4dc36cabd19f713782bde48db7094577042083cf5d42224eaa69e0d70b57e6f1764a825909c48858cda13ab13ee203fd0d57291acf508f91f9bc428d4c9ea06a9df3c9ce183e0c101a4d52fd87866c2146219beb15e616ce239cb025ef3dfdb3a2568a833c88a66a580ca9d3f2b770647d5baa42a707351688dc0be3b15d2cead64792e9f9688ef95ea5274c08ee13c4a3797ce346dceeaf7d81a18181839ebeed412baf43ec1abb35b7930ed7a528f9a0bbccd1ea6eb525488c6731150afe791bf58e524de4cc62e174d134bf5d170132efdb2cbb42b882219de563cbe6280ce4cd8482699442b236d1bd54517c3ad25fb3d68a649920357d85f343f0b46ce4a78b1836b6ecb198f1f1686597206c09ad4534717402eefc0d5a90639f91b84d3de00e7d815059640ada64140687c3e404432c74e91907cdcf3e07e997eed9de114767829833920a9fa5bebf7d99fc4f461375f3426b136b680230c7aa135f0d2d72be7bdf8667a8cf0dd0bf5490e393b5a465d37b9ee0d659c8c0f96681b71a867978b3d11b8ca953ab01ec1714ca9ca1e1ed5998e02934901dcac10a2553a94618db7d79c4a48741afe3bceaa994833595808f8080f6eafadd31caee252a7d115db962320be9503147d39adbd11b1cd4cf2cd4bf94d9036ea61b2d4791c6326af653847d2b6dd83f5df51eb9473ae0c305abe5f3896175d82a2b569bf100166004886dc58432cd678c0a4a152013b2646a68284567b898e6f3d38a9187b6d10075234b2e11b7c929b308bbcb82f4a8ceafc503f18536092f2965d13875060c926b5404ccf3bcfb1389688fb4bf57ff79201d8a00cbb54a12b3be4693b4a295284c90e7d0f08b632eb0411bbd01d51112afe5db173a8159dd38fe6e9804f6ae779479ffdc697ec572b0934704dfcc3e9b2bec95587285299d1d79192b2324e4eaf4de74df050170562c08e0a821f47745f63ecbbb767846ddcc331f459013ec90de697346f1e57345a51fd9d2233cb3591c406bc05ff5c098c331cd026aca7ac1fb1c35c3d3597c7deb89620a364044b30c77d5071bea5b196a0c380ad40370985713838b1c830130a5fc15c5501748a2c8369e77c3fd4ec2f5de572ee183f526359f28865d68eb87c21f8fcd4a09d76ee6d9ef31561d9c97ae3672500e342a798b04177f2c5896bd06b4c96a58aa839185ae44b838d763872bbf1e7b665848f1e186b5ab6cd4628f4725324981b0aff0b9af2f78883dc8433d2dc26c1766e0ec77c4eb63da1f859c09ace8889fd2c5ec7f7e11eeb547900dd9332b7b96ea6be35aea692e54c1cc3d1211bc843f8e8ce71abb88873e132fe214a7e7670fcac38516b6935b9e0a2eeb43a0aebd25676db551d8cff4fe0b6cecbd59701317022511a2d612864c09496c99af48e1cd066c5bae55b415ec08e99947ac94885ddf875d8f8af199aba32c0bfc27f6e19e57380618e7940481077edf6270ea3befce28a55c2a68a961142e959690ba294afd57c5530a5fbd5f60d791a3f06720947c74cec26a571a9f2e5cf98cccefba8beff72f2570f8a0e1a130c0e85d4fbb6a6f0b881af274c9eb063ef09176d43f8f18bdb35a0acb1c6305ba5563d1b6baff53b1251305de413052667c4cf9f94460bf348fb27ab5719ae44faf02dae55d8eab643040834b04aab15a197568e8ebd296638b01e5ea34e39ed47ffb58a47027d4b7d978028b7812a141df233065e93c20dc736af1cdcedcf7e766eab238b3b4d3df022f50b43973c47d1c80055e4fdf569e50fd382e840b76a666e5b3db6c06b1f0603a2234b9175c5e15a22855b57cd5257d9b5a456712f281f83e1c6c87f58be8166f8b2e85e9f54d24fe3b420d77a22745e6c7ebc89e21acf1c6649324f4c5bf53e188ce3216dbdec21a06fa9e61d830814697727305fb48c705c4d6c4bdfb874e43a8fb1423e2d2d6bdfe22a0d2b211d3beb86937c639c934cfe9a4b6c2853ff353829028854e8d7d75f29f01c4d7c297fe0236345ecce914b3be4907788a39c093c9f9e2c930a15563cc453d08123deadf853c83db0e3986d993e44e441a874411b7905708462e1ba42ea22521d7c57089a77b14b6dbe57f0ce69c7c4f1c0d53385655a8ed6294f113d33ad8867ac05e80403e6a8103d1574fab80f43a4a3af93a67678346d7b3b977a1381afb93990b1cc3aa73cc463f72bd898f647f3f5a3b342fb5e37140ddc499edda92ee624039ef3f802c9055e20b7d6e4f5a109cb4ca1bf84d37d1e78d45a10f45602b61216ea8969eba3a0075256faf8e577de835bf0b37311d16310645effca6751cf502a035d7ac7d1ca2c23547a739116efb586dfe2762ca4bf5ce5fc48913efb41a4a93fdb240f0895cdf306ddd13337d38a58402561dd663bbc675e1a378d4f770ba5e308c6ada84faf18ab2b387b0ac139a57dc534e278a1afecafcaed3746701cee14edcd3f35cc39c91ed5be8a178d2fcd97567e8ab661d573278062bfc3c83acbfcdeec7f08d3c1197ccf830c883eaaa01e2cc44e91cdc1c47c03797528a9dd63cde259b4b211b57af121b125fefb26c110da83bbc150e2663a22273cc855cb3c52d02fd92db59a7c876d1a18e66cd64708aa478f3f10e726210dbbe2fb1afedb2034a7d59ad774e73f97d7b4b121cc25b90dd4fb5179816174dc4650b2da366d11a519f4310972944625c839b01040c712c635d967269c6c07189b5b1b496403e35e9ef01ecf7e795c357ae08b4736d2c1bcbe556cc671ffa37677b740baebaeb1b74c922d1ac83cb3ab86735d07ebffe072ca08ebd56d0ae89d5535a63bee75810468b1560534ecdb4a16495f9a7f42164df055942e94011848c5dac783a69fbdcac9c477850320af0c10da48775434088c7d090202f927463123639dbc1d48a871e4f20f75563f6dba586db6d12e2e7f36e7da4915037fcddb4413336b423f6b888bcf297fb8d33493e9fc2e992afeb1b83aaeaf46f4aba9bb0aa2708272ce5b0c90ef9f6c366c20e90d0f87aeba828196acdc4306131c515319776dfab27de1e3a501cfc560bd3a1dd29e54b87de9a01d0351184ed5cc3323cef72fd423dfbb0ac90eeec5474432ec1e4c64d68605c378320c0e97a3d89a409b7d969d6e116c2ba861f57418d8eaac5bff85c416ec5224d92df53d8f272c7e02e832bd21ef4d6b4a9bd307f8c1756c3e6c155bb2ce5807311d60b2fb31357c89119af443af2d3a4d08fb6221aaeee97bfdae51ebf6c51f98300033ec513ad6996041441d474ccf3a2548a11b94527ebc2e24d7519b1ded645da3af62060a4ae19eddc3bf331c4c762d9672de22558c655ba05338d985da134230fef2d0639743bdb4695517dd9e3733827050617b3cc792d12b3280eb1f5b22ad5130b27f9a5e25b965028874db5b5efdf881043e1279187294bbc35865af7662b23b9adf614a9af41fe4d0c9cfe62106a2bb6d294d3ca554062b2c7a0299f82fd5eb6841fedf096753b1a63a6b4dcce3837ee36062055c9f52b3272f411709db86d59db530fd1ed9cc2138817c290a2777d1d54cf4b7b2f8737444b58334a1c26f63ffda10b749b5796fa61ce6f74fecef2c4766a05d0468c1d7056beb8fa9cf7d51d5115690bcb889f09dbe01b1c55ac860a00cc159f6683d33fdca16d815fab5bbf00", 0x2000, &(0x7f0000000600)={&(0x7f00000002c0)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f00000061c0)="e0332f8f5747b9f778142cc174a9b5f0244b78bb6346cb5fc9135b8220090ee698fddc241870359d32327f299718466d88c89e68097036bb35abfe03e3c02234dcdb2c7d1209c657485ca1aa3f2fb80e71397b80fca6f3cf2367fb19eb95e5b4a0170063374645d9e020099ffd7def3d94cd29412b3d7b7a47bc70121be848cfcecea78d41a93622b134bd06e84dec07a9e5abc29cb02d5b9091e748cffacf48352628822bab7b24a17bdf4b3f3bd9fb17793496aa6490da3f58039ce5b40745dd63f82d93bed80b50ca5742d67d39029a98db95c9392e2d5fd9a35bad30cfe98682b5a069738a12c3cfd25949106cfc839202fd21c2b28e44be73280d5037351ead2dd1c277d9cc9088c6b14365eb0937ea9685f6b26232293803260f2c84fe176b55df304bc2865b8f52581afc4beed445ae8cc405cb7bcc51103aef812c41437c5b070a3591ad0964677f4f9017bb300727dfab009056bee3671a9694be2e2f2173fcc06ceba5aed0d9da697cd88365c5c354788efcc705e90d572e34e9e566fc206a8167970ecb9cbc43f4d9de4d43688582b6600dfcfc7379c831e756a45835647bd87879a3e3942c61b9ea2c2af35d49a4caa9a109b0beb972996ff8924ea371e15dc48efd12b1203a7f1fe354977fcf9e4ee2c8f210387e551ddb55e5f67ee6bb9bc8772649693b0adf24606e8ccc59f020834d8cbfcadfa1770549fe464dfc412308fbaee8d30bd20c002794bfb923bac6b490841248d12ad9a0e54d1d96e3aff5dc4930a6c8b7c75264a46af7a6339725fb84e0363463ebaaaf58d6b9309ae7c87a8df8c68d2487d684011de1fa7645f3f48cf3bb61bee8bcace2f8ef5f967f2765f8086aeaa5dcc34c84e379a7ddd6438cccb5b80952fae37863708041eadbc4ad2b2ef98412a46f74a171ad056429dbb723cdb9ca9f9f03170dba2870e5988b7cb755599d1eb8f7eaf5c8ded4b56022cb479d0bdfae18f69f9ecc42f4c181ea10838229ba5db7f088ad8d5f77e49c1fd93ed6b983c43b23c7eeb1233f0c114885057a27cd3f67a309e3fecba241836bc92308b830b10b04af6c9595b44e859b9ca7ef079e151fdd500060787be3a7a5b3e23b06ec70f087134504f8b8e7b6799ebfe14f698ba7a813a380e6f92cace9230aa8094a2465f7224e2becad469d0aaf0e48b0098eacfb17abdb69bb2ebba97a09d2b739b532d70db91fcb0fcb38bccdc01d7c8113024ea8b619e385e58d31899721416e10b408504a9c4fcf870d21051227440a616cf62f6637b62eceaee09029f88009be02269cb5e5ed090c6f5e6c652c31214aef301bd23ec2504f90991cd27539c1b8b54db51825e951d076cd0e70f56de4b91894ce22049205483a0fe7d7886b36118bebd96d138980e26604b6e70a7275c6b81501143119a8c2c271558202eda196704ef9ae3c33301e1afbe56d069ce4926bf531d960f3df58192f3da558adc111ae8ed6e24e04e95c406b34b1f4ed2726ef0f6a67dd84c75636984191d019cebfa883fdf99affcdb4c874614a5312455403895891daf7469d6721583ccd1290ab05b14516f22965fc52c4a528f1a5c20cc133fea279d9efc991ec4d51d2654daceda234f6d3b0c635db697aba3eeaf8356319adba42428266ac09a6e6495ca8f60c1c4e052068511696296e88ef86a591948627ba97df634e0063eb5f208df00a069b1213c29e58cf76f591253d60de9d7c01d29992ccc728140299c429fec0df9d90f83fa2467ce00de83b16d10c7edb80ff8d4b1b19eea9bd1e2783a0d41215c9cf23bc3ca1ff414e3f29aadba00c5a8d5b44c28c10e99140e5428278e54bfd880a93fd1b54b560422ab2bfcf120a7902373b6442c6e9867b19aa0a6b77b1634ab6fd1c8a1d90d99ebb9ebcb89d593562b266fbc53c40501f9298690283c45059b3f6ee278e46cb3904c947446c28af8855b2a68e6e0c0da205a6e12fdd15b393d579039b31c1a54230ac2ea13cf1f5540046b4dcccdd731fff7323c4880e5d2d8668d8a7f08920715c17ef9652eb55f224c82a6fdb970dbf1032403f283bd868a23f4785a6ab9c0bcd2308dba1a1f258ae512cf64784e501008db366ab7093a6cc4b6ee86154d44a1a15c10834602dd5ccf730f6d1142ac19d113496dbcb80021cb5733924265d082a8453b5c21e0245e4a2627e8df090da6a129ee49c58c1a7437369acdee15f5e4e5638f05d9f6391572d9890219def702a013a2b05239664dba44feec2a9508a3200b47de03e6a784bca2f3633df534af33da0a95a34ca845b61a22ff55a5a4c04ff9e06e7162f458a8c56e106e75ffb76a921f4057dd73d5f3801aa78ca4c78d6b79bce560404c2fe3d57876287f73e84c27c486ffb997951f9e0b3aa81a5e7804ac7360add11e7851842d0ed8df041c999e50226fef006373bbb53d5d8e9d1653924e60234fd0b6645b821746f3d88591ff66e294e8e958ca425ddbc7d604f7cbbcb9d5fe0d4ad53878eb16bc801def1005e1eb12a6d4924d2179948e7aa542f2600ba3c6c600629d64c529c7326c1f38aa4e1a6cc259e58f86400d65d67856c8f4fffc33ad4c279dc05367307f562f8127f37b03c3cf38a97cfde0c02aad8ac40d347a9e0a496f227c068dc6c666fb2b6a18990f607399b0707d135752d93739e1840b5b4c125c81eeeb318869b408f87778451e49f3ad988a8aa97672989ad367833ff7e7f0e79c37ac794fe466623e122127fb94ebbc01bc775183b26b2dc407b1aa1a55d4ce04dbe1df4fba0377fea4c4bfa5a37c4dd733fd116b9c7f50b11dd512ad68646b9ddca295fe27bee78476901fbb5c8d2856ae0e9e21ab26e3587c1325f1fa28edb4081f2ba309d5fc39f7f54abbd0d5a152c2f7e3a8b3a5ef6e097b109061c91124f41f33055a7bb86706629f614d40346715cf2fe387ef4e4fc6646839824d3ef85eeac85bc5e681320f6fa7057e0a10de8c4678b48510f77b91bb397dd1209eaba8ea1f237c348e9e0d7af1229e2c04b6560e48e3a7491f3066b63a8923becdcfd8594c1c55098a51283b599765b049831cacd9478e5e996c778d524b476f6677218c94886d7548be7617e5796e35bb3c9b13d70e4897867d85f0350e9329985f051fb556b861aef7dead54e6b29b9ad837cb4774f47a5371ef034612aa0c151345546b876b53e9f2c06e3ce0113e67eba8842f4ac5b51a61315bf050078c710dcf14371d9593730b1d0302ef999f488bbf42b7360171da98ad68932bda4937358fd1d0c2bcd04f7dbe2beaffa0d53cccda316cb19270cf4aa56695ef3203b49fe92d1623cc1d714da6b8f94112db1781562ab2ae50bda23debd55da440434299c992f2f8c264310d6d8ccdd042737db0253d6889d8bf36fe99a131b73300c9798b8fd58b5fc681b97e71230cd3094e441fe5cf1294bbc28f41146f06e39d5e19e673dd489dbddfc16fe281160a8008e375025cbf25e84945f2f0a5ffb2cd58273328ea9d7533b2f0861eff95823cea18dc1877183fefab808bda0890f91f1d79b36953b138fd62caea3411900647a4afadfecade2ff6274175f06614d108daaf9821c413a137e33c826957953bb39e2d852097f978c3577abcb71d68b45794247d8e82614979708f6d6d0e469828206b22913d6d320d815d42c0d943640c63196f703f946089f535eac511e26c6a5a529e875eb15aaf65fd50dcbaf37a009f2f9081cdbc744cf7aa2336913e89f1961581ad4bb6aeb1d23a787e2d3f99639871df5842c30581263d5139128f076767ef48bb636d7aae06581de6baa55a12019d3ed831950915fdc1eee819dd01047bda606f2852699529718c99606246a92bb1dd9435d8f3a48646c0e423441bc783be358c0c91e6846419b6c0a81354500cb2721834dc11ba40c3bbe5717e5142922a168ca0e20fc269ea584c7f68ff7cced62c4277385368b4ad596b79c45a9c4575c37f300cab37a5693cb777fabed412934d3a77505b17cb2628119ddff45f3fcbffb50386eb9cfb6f82b37fa852ad4b65bf8e2898b11bf051cb7fb0fa81cbf81b9d9ebb05498aeb2691eb15297edd682976d5a4f444cdaa82f063bc4482c28c4e6257c7cf3e5ee5a502c6527b77b12725e7526ff896ee2f8066536dce04d63072a34c19d533d4dbdb93e7185482cbf7510c5eef2f8aebebad011727cd8061a367b7e1868252bb43d9a74c9c6a10539e357d5367fac69a9296fe5a79a2e5b45950ff462e0e882aa32ff7f29b5644e5311f3e0b076c58683de29ad9dd8b2c92a41ca8313ac997e44981e82aec550bbf6c88adf3d54e9fdf93d9dce95289e9086043d888f19d209cbea79e0f5b2c81b2c3889eae1cb5305e282b883c4cfa3798eceeabb442a74ff6a8470020a296ef01d8e32553663c844e67e5a3a44375f0074ce9547a6c489ee86d7652219491f35c6b904d51a26c3d2cc77d8ff97050dd0d0aed4a1ecf1db7ac48673a1dcc70ac16f709dcf4b90148aede5302111ceaa3a81c49b724cfa206283b62513f96c1da77efafe2d2d08a5f391ab690b5d974ceed2e95e85b1039def0e94c79cc0aa1de1f8133e985adfadf4a657710487b265bb6692fd2b91a06ac98d50b052b8a13168e2638b93209238fbe67f4590a81a2cdbcc479ca9178720a6ec05bc9457f27ad2e2fd2f4e9c643ef85b6287a01f7fd597799cce7d6464ed3c95110733d4ba92314ba3dd81e51f541a6e37f8bb14376e41560f9049b4ff349a467defc205f915a345b5f06d090645180ca642c719f03e9813bff7fd635660efe38b022130d42f2cedd792bcba2bfb14385c6d1cbe5ff2e38c22f1f8d5e4d93d296042507e43f24ff904827b16f2a3572d26078d7fdb0cfdbe2e6bee07b94ae441e510681c96f97ef0ddbd7efbd80ce0689f6e2022a189dd2937d3eadd82a154a5fac91b5ef48523706957b8d5f55077973e9a036009d745a6df39ba154dc59c4ef784d62b3f2d782dc508242a1b0e4cc294b6e62e98ef946f0d984c3174cf86b8a0beb615f046ec50dd0c8a9c0f36df60bd162f1130f894085e7c47b6c28ff336f5d75166c1840e7ad07204fc10ce976505f6aece0316d8c65b973f61cea2fe4c6db722717985c25249f041c07a86b878702a8c9ab7c33fe41039041aa38489b02a28f18d69ab34619e9e35514c54592c8059984ace64b5302b5f22d68c35c7ffb23c63ce877a1e1b160dd2c329eabcc0e1e3072021bd811de3c0c7a68af20ddb9e2912b7eecc2a8cf083a252d0fe31629b20559f00006e4d8625644385c692b8cdc2886a42d750962d0dee10a1546ecb7ef961216cc456d2450a44aab07014fe0be076ca6bcb46b644af844b2ad8b3817f1895a5d579af3dc937541f4b7e9203e7a7af534b406d8f6e3bc555d767603122ab1c4e62de19d6af63be8e39fe45732859d6d92e11f1a847f7d62764b6364aa7f95f03cc7deba178fb03a467da5be71657ae50ff6bf93c51efb7d19ac9887e92fe5f3c9d545209eff307c9e02073bd3404827e148aa63c135ed668589bdfec38cb4771620124d02f1b03993f89e96b33b32e52ddffb0580dac45422ba7a3fef76e519a3dc8d12eac60c2d2f8c4303aafa3e80135c403360d51c9cdeba3ffb31e664302f587e0e983ede7f9b2bfe2bc64bd5029cfa88445e043e08f3e9affee25e980e75d2664738726e3d2eade7dce0ece78a514bbbe5a54c121374d079e3b05996052d66889742232b73e950e1a9892e7352c9e546a8cfb48332d2b2be6327208ca51dc2869a562581947f62b0d5bfb3e0911d4854f822d6738b4deb195840d2bbae0b074b8d1e1010c24ec00052dce7d259e3044aab1a99d261fb3b49cf09dfc85473f94db06d49e202ca12182283d48144f8389a5301679901600bf8130d36315b277a99204b85a1598f84bd2d4c4893108f6717bf44234181467d6eeee61e1823268b5c60bf04d0e13e429f411b51adfca20ff1a1b1eee203d59b03da1643c3e9fc474a91470116c6c5275542adb10f3adae2ae87e88b93f334e0cebb22b89b807627b427a815aea0dbca69e5fb215ee996395d8a21a1c67ac295be33c6517504e1f00f579f8c484873cc670b5b9e787b1c30ca1f0b25f8bb8f4bde3b3f4fa730c292cbf97b25068ba9c65f78c555d5f75d52a57958d7111e824f3afa16484f625abf62afc80654c36fd9f8284466422fb18e08274e8febc719d45b784974d50d187ad2349429af3f7930252a4d45997762e9d5f5493d408ca144532aa89aa3d43c46951dafb8f81794e2e9679ce238cfe86e112f4f046d87feec3be04461032819d62f217faa71fa9dc6da8861015567d1f7309090e25b7015dcc6d72a5e7ba53296ab1bc72467ac50831628cf5238155aed3fb189a8b527ebd38771e16454fe51e3edde55cea454414690491207c23f6cf33aaeeda432de2d1ede04e039a16245e66cce6f4e4ea534f290f02a2a81a46d6ffea7967dfbe37461f83d472091156594852823392efc953f4ac099d74e2d0328d9f47bd952352981a34055acd0273309484ab56afa85ff0c22fb53ac5d7cc8e346b4c2f38a4e2451738146b7b90c14f826c7dbc1b2be79d83772a8d629f2dfaf15286a15be1ea22a05d4ee3de6a6bfb7e208dbbcc88e77baac940d6438aeeb77c3a32db08b46e79545b65f7f3c1bd433092bc9116668c338ab35c01cb5871167868c6b61bd4c0ca5f96e5ce2465da06c4a320839f3bb7c0dffd40d5bb9a32fcbc6f691787de7211da062616272c77c62ac83e4cb29fb954ab27d9009877b79be54acd336bfe2a6e087abaab004743f5ea4ec8ddfb8086920e8e458a413adb98077a3cf860513cc8a453eb129556c871be7e7232a6130c4332819ad17b289fdb31f8f8854dffb4cfeca6d792567b444c750820a2a8a2e0f93779e61a4966650909369fc8bd5bd2bad4ff95cc8a14f6cd83ae6411b4bfe1a9b5cdf1fcf32c54cef1731edc47d41fa581376b25006fc859b98805d70a157e501a2cb2ab425340965213adfecdb5addb2b4b2ec5cc6935e4e279bb98283fb20dfcd8a2c91aefda9dc5a57bba4d8803d1eb0f4ba9529de01e39c2aa60a91267c31d036a3f669b9377661837f58c6950fdf38986ea13ff5e9c4d966bf999002da1a854d54aa225b259d91eb88425328e7d13b06dea321a151a8dfc44755214da97168e8acf027d66b7fff45ded94fcde53ff80342d4595644549c4ed827225596e2b30480e94eb049b6cd718fe8424d044bb5098e0206047ddb81755e3cb92131dd47ec754b64c4b78f663e364cf8a74cdd9857c81316dc4ccd5f02a84b310abfbc9d6a23ee6d1eaf6b8fc1544cfeb06002c8a40fb0e49859d2073a7b1cb112713518ad5e007d0a256f901469bfa5cae98841f877faeb584d41bfe695da72ca5700ae085f39c99f769502ea9f43c0b84ca4611441d5adb3e5d0a426297e535258748169cad487f97d171c0630642943508206ce648aad2971297f3d4037d73e5fbc73460ca7401b7dbd7807273ae077a81fd0d4bc90b6068e3ec95afcfeab16619306fb23942a4308e8253b35f4912df392dfc5daf35dd842a5a1f78fc294cbdbd504056f0c7779121b5b3db7461e437347452476f3b0bb22e63aa23cb9d3e797c6c95513058d8fb2c27864ac0e1f5001c988e29c79bfa4236c7be41dee5561d825c1f0fbebc0c06cc4712e88ad5efd94f4eb4e93794af42a9752a2ebc57dc2f3881c75bbb23ad25b69619f9f5b07fe114ba291d2b5b4c1c175e1aa3ee3eda55e6126b3ad1e613bf8e0bbac727b879e7796fa0ad100893677a18b53f5eb31db43a97370d3749afa92fd0291fa96b05daa6beb43b9c1c11d9515976976d1cc1e44f35d317299ceb68ea2545f2a2b92b4e1046f6f92c33aae6995593189bb2611576599fd765b8e6fe2e88674ffd57ee8252287b1904d622c36a502db45c72b0d5fc3d983cc44bc955eb43911404667a4ab147d72b69ef2514dfb820ad75758e85df88499cea94ed658b4c1c2f49fe2bbb8d2dd97f844a6df289296cfb9cd5bc8d17aa235e2c4501b1422b25acd6dbc3a91d03904c545320524f9034955ab02f5d058097c37d23984baf808d28b3e12821eb8919a77c1b6a8bdeceecfcc487c39db592817dd378a7c5127b427e7279b2a82f6b8eec6b3fabe0947e353e7a386475b15011de93e2f2891f772ef90f4aba1ee1c4d7321c81ce4dcaa378daeabb93182c319494436dbe67d252a01291cacb59686ebd53c6df21c083e98fa299cf5e9b59f1ccea95c62b1437c8ff8754a6372b5b879ebc3241f6430871eafe35337d75cb68c42862846df4342ab434f7f0a7b9f66824e1e696e3dbecde179592774b7511e5a7a1a06ba601eb5f2a935c7cef0f83ecd412a84afdd05120fceb1afb6445ebfcdf12c2287bfb75dddccc45afb4f5bb1308d39309c92c0b61a322d5229881fa5d598113cce54107036ca9f63fe863d257c706fe89d5c7ae59a459c6f15ba48d80da4aff541797b26418acddb987df3544bc4918cdbbdd8dd1bc2163c89635044e7b4da878457727a667c0146a12b4c46639497243259bfe4aa5ea50eb79f39fa9209256c9a685e3e39d6d8b6a9ca7d3554fbff0908ad6c6ecf68e506c20b16cd4a98e3ada9eb0cb3eb0b75b13b6d80bf99eddf2282da52cec085d3a725b71c29395d605e1eb26143290946a3a0d24347fa46145735dbf4eabc12150b8d5f7eeca804d7ed1fecd0132d1b94ebec65cbc07dfd4d54a5140567e77c646bd92666922c43aca8e482c59b970fa43087eb76d6715e4e8e5ebe54ca391383ef685b133534fcc1e5c5eb56f9d76a888506c4ac8d289c37039e0c4f927b0e11e85c5c7ec1cf4b19bebee6014cb89ee57f2ade8d166005e956d46a0c01f60b58299479e8a59a2e88f1a7ffd08b27d92fc2772b338959bd0a1c9cb95075c3cc17043c818345b29b76c0b8ed41c8c7259cc780c657cb9509daec1558453cfe061f54e08523a55d3223897559d51096b680802144f1dfbc114cee5ba322e007c2af0c08867291dd732bfe4b24d1d5ae517a7f5903c369ac6b157d42eb6ca8c0d7b50fd533a56c814e7cf04db3012eebd53ec1b123d65ab1e462d9f9182b690d56a88ad5a1f4d89f1749b005e88085505cc6d7de8eeee08def67bc1d1519d44b7a62dc07e491f328f786956d9200f00d78829e6af7c1a5835366201374b9487330920d4c57e2f7073292e173acc2424bb0d5e0e9448b4c02f9cfc99bc408110b6a3e9bc3799e4b178c2871069bc7d9ceba564378f02b2932c36f159478b5facd452b595a86d119216af9d860bd3997305320159a69a70fc62284141d23d2dc1e5394b271d99e5570450f1c55807e96c7cbe1b7c2e3e96f69fecf0f375e36e0d2acf319e37199e98486a8d145ce2d996c1909402744cce63664a75e480b197c345360321e830e5572d1d7bfe5a129a67fa98e6eda5268fa588047859daa11d087d0dbf0ccc7e120e3a5820cb4f5dc06748317e3f866518eb66e39dc8a68a7411b3403fc8eeab8283dee4d767e8e5842ed922e03ae5b3c9c494d5ebc61527ccd1222740fedd9e469ba6b30761cf387d654081c7e63182860e4548748058914a9cea01caf074fe6a78fafa2b45c516f9f20af9ac6773a400fa9661a872f6b55f0ed52a9be9e9c35502604b924f0eb628d6545da322e0713f9a5587e87e4b04fa495423b7c72093b764adfd1430a2e608b7af3d2bf80fef00e5b69abe386618274921ff57621bb99739de2e066ff17e95eba027f6a35170af3a69e93359a9643e155832d45c1aa9a8f71ad35504b99d3d0a1c11ae108664ea36f4dcded083aee17ac9efe7ee3fdf7b63c7c09bcef62caa88708510d45cea79d323083ddbfe7e5d3d9138f206a7af82ef1d26c85015c3e55a285a35d0052546493536b9061db27291a9292033753b7bddac63dac6f6271689240e43523c434a65e1d35299e386c953d0c92f21057e0b7883e049d20961e75069587eb3df6206496f76bbfd96635bb19837ba2ab193d79072ffb8829306b63697ff104a65031b8a38c24cca9ba23d5cdf753169a00fe2b2c3849f234a7029b657b3324c10d553e601aa97d17024f7bf5a99f96392f4a079a83daa27f4e3b512ee8536e764ce4dc36fd0874dfa502a693e55bd9f116202c5e906703e2c43d84448598b7af78aa60a205c152841e75e23436738ccaa6bbcef87e6a237d86d1a5e38e56c162cd6d61a4fb8b410b1643ad557a22348edfa82c23db11c9abdd8141fce263a66537512e93a930a4801ad862a902c7c1e00eb7c7466b1351318b7196c2a9016c55a05e104e124bdb568132f9397e31b10d04e5284bd029ea2f6a3ed11854e09b5871d6a725c21a9ef5d7e729a90a8206d5f61e6e42e47dda3e31b9134d47872a0dd7a576b665ec6ceaa5fd7d85ed7feede9ac9fc23e40241c0318077edda75b62eb271e28fb3705f7b4950c14b721a3a74a7a4e4de02cef5de76a1602b906016c0892ef37db51b0a1dd53f28b3d896f20abbad1ad0e0220960423267fc6e1779d1150fd584dd184bb43278d2d68ff21ac0daeef5408348cb80f4a9e0e606f6048bbaa517289451f084fffb63c5d904788cfc310b5495528a58f4650dafc4e4675b99d35ebab710ac6fefcee6c51a2835510fb6d2dbd8f97c3e53fb7a23c3f3c0283eb2271504581b9c1fa31e35c117e56a5d668a9c57df3b4e1129ca019a8b877fa4a22768dfbdd9d2154e17f4a7755b065090d88982471bfb242d89af5c6782693a6ab1b1be74dfa5655ac3b5ef4ace8dc595803cf4025bdf5c0e9fbe7a12a3a313311809591da08a2cc6cd8480dc960e1f79fa208440a0e589be5756c36d5830a51c4bdc39c2a85c0431bae3a7331b2ffdf23623693d343a7938a8a8a4dd4d523c6450a705bccbb38427f06f4f84a18adf303c0ddecf4ce2b6cdde4e09a4c31816195f0fe9f05fcdc0609f8a75ad2f23d5c24faaf346c13ec0512a5c29477ac561c878085d1a323f6bab08e2fb9ee57d7bb621ef21caf3609d74036c6dc1d7be0b6058d89d2b8d9aa4462fa0a740be66e3fdaa957f27c5a26dc586ac8c927ab2d7cf1b761798ea4191be8f4423cf1a6727d0c5f27a9969a753573afa584dea82678f3471ba36d726c396d68c671e579120f1a11cd50fa66b26fc2d6cb74ba07edbd5d3a288cf58ed1255381df02b2fb8983b7cf833433d1ab8fdef12651c3507e4b69fbc4b234678cca36761e8da434e5f036f204a1400da15277ef27ac140e2d574b89c0fd617da27e6ce862883bbe81c288834b9477d0d440c15dad505b363fcc1cfef8e2e3a96438809505844196acd0af751dedfced67f209c2ffa9c6da842c93ff4b5fd54a67df904f2f31b4236728c99582a667a8461d397770a657ffa7d514b0f076d7f35e9704a836e7882a2acf0a0ec2158ac7234953c3696abdc791c0b163ee76fbcc5adc18b6fa0f51f76f3d313a0d891f1deb69f6e44289b1aa43a768b8d13270959763a2c45129daeea493a5b0d7b36753b223dca9a8037368653400", 0x2000, &(0x7f0000000a80)={&(0x7f0000000340)={0x50, 0xffffffffffffffaa}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000100)='./file0/file0\x00', 0x0) 5.364978817s ago: executing program 4 (id=639): r0 = socket(0x1, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000c044}, 0x0) 5.124211447s ago: executing program 4 (id=640): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r2}, &(0x7f0000000300), &(0x7f0000000080)=r0}, 0x20) recvmsg(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0) 4.834787756s ago: executing program 1 (id=643): prlimit64(0xffffffffffffffff, 0xe, 0x0, 0x0) 4.663820691s ago: executing program 1 (id=645): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="070000000850fd9d7f00000000c8b476a9"], 0x0}, 0x80) capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffdfffff}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x15, 0xa, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0}, 0x90) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r0, &(0x7f0000000000), 0xffffff6a) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2}) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000080)) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r1 = socket$packet(0x11, 0x0, 0x300) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, 0x0}, 0x10) r2 = inotify_init1(0x0) inotify_add_watch(r2, &(0x7f0000000200)='.\x00', 0x10000a0) r3 = dup(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x1e, 0x1, 0x8001, 0x3, 0x4, r3, 0x800, '\x00', 0x0, r3, 0x5, 0x2, 0x1}, 0xfffffc67) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x20, 0xff, 0xffffff5a, 0x200, 0x4a9, 0xffffffffffffffff, 0x6ab2, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x3}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x5, 0x8000, 0x3, 0x8, 0xffffffffffffffff, 0x9, '\x00', 0x0, r0, 0x1, 0x0, 0x2, 0xd}, 0x48) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x201, 0x4800003e, r4, 0x0) open(&(0x7f0000000240)='./file0\x00', 0x80000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r6 = getpid() sched_setscheduler(r6, 0x5, &(0x7f0000000580)) 4.465098502s ago: executing program 3 (id=647): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x14, 0x1, 0x8, 0x5}, 0x14}}, 0x0) 4.21939785s ago: executing program 4 (id=650): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x20000023896) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_GET_SECCOMP(0x15) sendmsg$TIPC_CMD_GET_NETID(r3, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0xffffffff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x20000004}, 0x1c) socket$packet(0x11, 0x0, 0x300) fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) 4.086974766s ago: executing program 3 (id=651): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x3f, 0x0, &(0x7f0000000200)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) inotify_init() open(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) 3.498638961s ago: executing program 1 (id=655): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x5}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000400), &(0x7f00000004c0)=r1}, 0x20) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$IPT_SO_SET_ADD_COUNTERS(0xffffffffffffffff, 0x0, 0x61, 0x0, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001680)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@func={0x6}]}, {0x0, [0x0, 0x0, 0x0, 0x61, 0x2e]}}, 0x0, 0x2b}, 0x20) 3.14021836s ago: executing program 0 (id=657): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x6a, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffff12abaaaaaaaa0086dd602e5cea00343c00fc000000000000000000000000000000ff0200000000000000000000000000010003"], 0x0) 2.984824893s ago: executing program 0 (id=658): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000140)='#$*\x00', r4) keyctl$restrict_keyring(0xa, r4, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000000)='id:cb2e') 2.091564131s ago: executing program 4 (id=659): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9, 0x84}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r0}, 0x38) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000031c0000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x6c, r0}, 0x38) 960.283782ms ago: executing program 1 (id=660): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000000340)={'tunl0\x00', &(0x7f00000002c0)={'ip_vti0\x00', 0x0, 0x8, 0x20, 0x7, 0xc10d, {{0x5, 0x4, 0x2, 0x7, 0x14, 0x67, 0x0, 0x7, 0x4, 0x0, @multicast2, @rand_addr=0x64010102}}}}) 781.61035ms ago: executing program 0 (id=661): keyctl$search(0xa, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) 644.558944ms ago: executing program 0 (id=662): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x36, 0x4, 0x0, 0x0, 0xd8, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x0, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1, 0x40005}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 335.806225ms ago: executing program 0 (id=663): r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r1 = open(0x0, 0x16d43e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r1, 0x0) ftruncate(r1, 0x7fff) io_setup(0x27, &(0x7f0000000100)=0x0) io_submit(r2, 0x2, &(0x7f00000002c0)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x2, 0x0, r0, 0x0, 0x0, 0xfffffffffffffffd}]) 335.283613ms ago: executing program 4 (id=664): setpriority(0x0, 0xffffffffffffffff, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x3f, 0x0, &(0x7f0000000200)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) inotify_init() open(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r8}, 0x10) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000002c0)={0x30, 0x30, 0x30}}}], 0x0, 0x0, 0x0}) 256.392849ms ago: executing program 1 (id=665): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x9, 0xf, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 52.291988ms ago: executing program 0 (id=666): bpf$MAP_CREATE(0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f000000c400)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000002c0)={0x50, 0x0, r0, {0x7, 0x1f, 0x0, 0x401408}}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000fcffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) socket$unix(0x1, 0x0, 0x0) r6 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r6, &(0x7f0000000000), 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00') 0s ago: executing program 1 (id=667): r0 = socket$inet(0xa, 0x1, 0x0) socket$packet(0x11, 0x0, 0x300) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000440)={&(0x7f0000000280), 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=@gettclass={0x24, 0x2a, 0x100, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x9, 0x5}, {0xfff3, 0xc}, {0xf, 0xffff}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000b00)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x2b0, 0x2b0, 0x138, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11, 0x0, 0x44}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @empty, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) kernel console output (not intermixed with test programs): 14 endpoint 0x5 has an invalid bInterval 36, changing to 9 [ 193.815871][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.821987][ T5273] usb 2-1: config 4 interface 231 altsetting 14 endpoint 0x5 has invalid maxpacket 1543, setting to 1024 [ 193.842410][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.842436][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.842452][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 193.842465][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 193.891614][ T25] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 193.963521][ T7428] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 193.970433][ T5273] usb 2-1: config 4 interface 231 altsetting 14 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 194.005028][ T5273] usb 2-1: config 4 interface 109 has no altsetting 0 [ 194.017273][ T5273] usb 2-1: config 4 interface 231 has no altsetting 0 [ 194.036254][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.059882][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.064356][ T5273] usb 2-1: New USB device found, idVendor=13d3, idProduct=3341, bcdDevice=8f.75 [ 194.089878][ T5273] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.092163][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.108696][ T5273] usb 2-1: Product: syz [ 194.108722][ T5273] usb 2-1: Manufacturer: 졬详눦嵰椸㾺榘꾌਱䲔ࠊᯥみ₾熍㫷矌▧㨾롤恵굟⥎ྖ대﨩騚ゴ挧ऽ暄葰鉚꒎ʝꢸ┏䅪ࢼ₤泓鏄ཱ캩꘩癁庈쭊⩚條䛲뛔ϒﷰ瀌痏匔㝭毖ᰞﭒ땮⚩캿뫾촔碛탹ꬄ౦Вꥒ舦鹭ഌ⿾읎睾⦲蓡⭻픗ಥ嗸竸⟽띖徛芬붋烴딑鸷䌺蕴芐⚭뵣瑝뛞喙蜦뎂㆔〿 [ 194.108753][ T5273] usb 2-1: SerialNumber: syz [ 194.122439][ T7632] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 194.147748][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 194.169672][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.180176][ T7632] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 194.188915][ T25] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 194.205395][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.217000][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.229827][ T25] usb 3-1: config 0 descriptor?? [ 194.238845][ T25] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 194.245459][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.255646][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.274793][ T7664] FAULT_INJECTION: forcing a failure. [ 194.274793][ T7664] name failslab, interval 1, probability 0, space 0, times 0 [ 194.288159][ T7664] CPU: 1 UID: 0 PID: 7664 Comm: syz.0.397 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 194.298958][ T7664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 194.309015][ T7664] Call Trace: [ 194.312304][ T7664] [ 194.315228][ T7664] dump_stack_lvl+0x241/0x360 [ 194.319932][ T7664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.325136][ T7664] ? __pfx__printk+0x10/0x10 [ 194.329728][ T7664] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 194.335267][ T7664] ? __pfx___might_resched+0x10/0x10 [ 194.340561][ T7664] should_fail_ex+0x3b0/0x4e0 [ 194.345243][ T7664] ? getname_flags+0xb7/0x540 [ 194.349914][ T7664] should_failslab+0xac/0x100 [ 194.354589][ T7664] ? getname_flags+0xb7/0x540 [ 194.359348][ T7664] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 194.364724][ T7664] getname_flags+0xb7/0x540 [ 194.369237][ T7664] do_sys_openat2+0xd2/0x1d0 [ 194.374015][ T7664] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 194.380002][ T7664] ? __pfx_do_sys_openat2+0x10/0x10 [ 194.385197][ T7664] ? __fget_files+0x3f6/0x470 [ 194.389891][ T7664] __ia32_compat_sys_openat+0x23f/0x290 [ 194.395434][ T7664] ? __pfx___ia32_compat_sys_openat+0x10/0x10 [ 194.401503][ T7664] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 194.408176][ T7664] ? lockdep_hardirqs_on+0x99/0x150 [ 194.413373][ T7664] __do_fast_syscall_32+0xb4/0x110 [ 194.418488][ T7664] ? exc_page_fault+0x590/0x8c0 [ 194.423345][ T7664] do_fast_syscall_32+0x34/0x80 [ 194.428193][ T7664] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 194.434514][ T7664] RIP: 0023:0xf7fb3579 [ 194.438580][ T7664] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 194.458188][ T7664] RSP: 002b:00000000f576656c EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 194.466602][ T7664] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000200003c0 [ 194.474573][ T7664] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 194.482546][ T7664] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 194.490511][ T7664] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 194.498483][ T7664] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 194.506457][ T7664] [ 194.511441][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.522249][ T7428] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 194.555903][ T7428] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 194.564601][ T5226] Bluetooth: hci5: command tx timeout [ 194.595090][ T7428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 194.615094][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.631201][ T7428] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.652514][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.670158][ T5273] r8712u: register rtl8712_netdev_ops to netdev_ops [ 194.685562][ T5273] usb 2-1: r8712u: USB_SPEED_HIGH with 6 endpoints [ 194.694345][ T7428] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.696811][ T5273] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 194.735880][ T7428] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.737984][ T5273] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 194.744727][ T7428] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.764452][ T25] gspca_sunplus: reg_w_riv err -71 [ 194.770693][ T25] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 194.772894][ T5273] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 194.817560][ T25] usb 3-1: USB disconnect, device number 25 [ 194.871203][ T5273] r8712u: register rtl8712_netdev_ops to netdev_ops [ 194.883281][ T5273] usb 2-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 194.892942][ T5273] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 194.906904][ T5273] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 194.914591][ T5273] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 194.999197][ T5273] usb 2-1: USB disconnect, device number 22 [ 195.164582][ T63] hsr_slave_0: left promiscuous mode [ 195.207595][ T63] hsr_slave_1: left promiscuous mode [ 195.223171][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 195.243248][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 195.260096][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 195.271158][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 195.352667][ T63] veth1_macvtap: left promiscuous mode [ 195.367376][ T63] veth0_macvtap: left promiscuous mode [ 195.389042][ T63] veth1_vlan: left promiscuous mode [ 195.395402][ T63] veth0_vlan: left promiscuous mode [ 195.570522][ T25] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 195.788594][ T25] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 195.810980][ T25] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 195.837621][ T25] usb 1-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 195.854747][ T25] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 195.869080][ T25] usb 1-1: Product: syz [ 195.873300][ T25] usb 1-1: SerialNumber: syz [ 195.900755][ T25] rndis_host 1-1:7.0: skipping garbage [ 195.909348][ T25] usb 1-1: bad CDC descriptors [ 195.925060][ T25] option 1-1:7.0: GSM modem (1-port) converter detected [ 196.050382][ T63] team0 (unregistering): Port device team_slave_1 removed [ 196.087172][ T63] team0 (unregistering): Port device team_slave_0 removed [ 196.202246][ T25] usb 1-1: USB disconnect, device number 25 [ 196.214231][ T25] option 1-1:7.0: device disconnected [ 196.535082][ T7673] netlink: 24 bytes leftover after parsing attributes in process `syz.2.399'. [ 196.606009][ T5226] Bluetooth: hci5: command tx timeout [ 196.694881][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.703025][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.894047][ T2934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 196.920727][ T7705] netlink: 20 bytes leftover after parsing attributes in process `syz.0.404'. [ 196.931754][ T2934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 196.952272][ T7705] netlink: 12 bytes leftover after parsing attributes in process `syz.0.404'. [ 196.964859][ T7622] chnl_net:caif_netlink_parms(): no params data found [ 196.969999][ T7705] netlink: 16 bytes leftover after parsing attributes in process `syz.0.404'. [ 197.394593][ T7622] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.417274][ T7622] bridge0: port 1(bridge_slave_0) entered disabled state [ 197.443802][ T7622] bridge_slave_0: entered allmulticast mode [ 197.464029][ T7622] bridge_slave_0: entered promiscuous mode [ 197.524113][ T7622] bridge0: port 2(bridge_slave_1) entered blocking state [ 197.557844][ T7622] bridge0: port 2(bridge_slave_1) entered disabled state [ 197.565298][ T7622] bridge_slave_1: entered allmulticast mode [ 197.604501][ T7622] bridge_slave_1: entered promiscuous mode [ 197.683113][ T7737] FAULT_INJECTION: forcing a failure. [ 197.683113][ T7737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.714517][ T7737] CPU: 0 UID: 0 PID: 7737 Comm: syz.4.409 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 197.714548][ T7737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 197.714560][ T7737] Call Trace: [ 197.714568][ T7737] [ 197.714577][ T7737] dump_stack_lvl+0x241/0x360 [ 197.714611][ T7737] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.714638][ T7737] ? __pfx__printk+0x10/0x10 [ 197.714668][ T7737] ? snprintf+0xda/0x120 [ 197.714691][ T7737] should_fail_ex+0x3b0/0x4e0 [ 197.714717][ T7737] _copy_to_user+0x2f/0xb0 [ 197.714741][ T7737] simple_read_from_buffer+0xca/0x150 [ 197.714770][ T7737] proc_fail_nth_read+0x1e9/0x250 [ 197.714794][ T7737] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 197.714814][ T7737] ? rw_verify_area+0x520/0x6b0 [ 197.714835][ T7737] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 197.714859][ T7737] vfs_read+0x204/0xbc0 [ 197.714880][ T7737] ? __pfx_lock_release+0x10/0x10 [ 197.714911][ T7737] ? __pfx_vfs_read+0x10/0x10 [ 197.714934][ T7737] ? __fget_files+0x29/0x470 [ 197.714960][ T7737] ? __fget_files+0x3f6/0x470 [ 197.714997][ T7737] ksys_read+0x1a0/0x2c0 [ 197.715025][ T7737] ? __pfx_ksys_read+0x10/0x10 [ 197.715051][ T7737] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 197.715074][ T7737] ? lockdep_hardirqs_on+0x99/0x150 [ 197.715097][ T7737] __do_fast_syscall_32+0xb4/0x110 [ 197.715117][ T7737] ? exc_page_fault+0x590/0x8c0 [ 197.715142][ T7737] do_fast_syscall_32+0x34/0x80 [ 197.715167][ T7737] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 197.715187][ T7737] RIP: 0023:0xf7fd6579 [ 197.715205][ T7737] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 197.715220][ T7737] RSP: 002b:00000000f57865a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 197.715241][ T7737] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5786620 [ 197.715254][ T7737] RDX: 000000000000000f RSI: 00000000f745cff4 RDI: 0000000000000000 [ 197.715266][ T7737] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 197.715277][ T7737] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 197.715289][ T7737] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 197.715316][ T7737] [ 197.781785][ T7622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 197.785048][ T7622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 197.926188][ T9] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 198.169837][ T7622] team0: Port device team_slave_0 added [ 198.187716][ T7622] team0: Port device team_slave_1 added [ 198.227954][ T7744] netlink: 24 bytes leftover after parsing attributes in process `syz.4.411'. [ 198.240547][ T7622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 198.252441][ T7622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.280653][ T7622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.295725][ T7622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.302857][ T5234] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 198.311507][ T7622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.315942][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 198.337488][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.347078][ T7622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.383229][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.399363][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.427132][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 198.442270][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.472644][ T9] usb 1-1: config 0 descriptor?? [ 198.500849][ T9] hub 1-1:0.0: USB hub found [ 198.518071][ T5234] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 198.536498][ T5234] usb 2-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 198.555738][ T5234] usb 2-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 198.565547][ T5234] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 198.581692][ T7622] hsr_slave_0: entered promiscuous mode [ 198.608720][ T5234] usb 2-1: Product: syz [ 198.612616][ T7622] hsr_slave_1: entered promiscuous mode [ 198.618494][ T5234] usb 2-1: SerialNumber: syz [ 198.632354][ T5234] rndis_host 2-1:7.0: skipping garbage [ 198.647538][ T5234] usb 2-1: bad CDC descriptors [ 198.655500][ T7622] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.658910][ T5234] option 2-1:7.0: GSM modem (1-port) converter detected [ 198.678467][ T7622] Cannot create hsr debugfs directory [ 198.686225][ T5226] Bluetooth: hci5: command tx timeout [ 198.716627][ T9] hub 1-1:0.0: 1 port detected [ 198.945899][ T25] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 199.024951][ T5234] usb 2-1: USB disconnect, device number 23 [ 199.038406][ T5234] option 2-1:7.0: device disconnected [ 199.171505][ T25] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 199.202353][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.212958][ T25] usb 5-1: Product: syz [ 199.217835][ T25] usb 5-1: Manufacturer: syz [ 199.222458][ T25] usb 5-1: SerialNumber: syz [ 199.239031][ T25] usb 5-1: config 0 descriptor?? [ 199.256059][ T25] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 015 [ 199.389603][ T941] hub 1-1:0.0: activate --> -90 [ 199.656929][ T25] (null): failure reading functionality [ 199.668397][ T46] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 199.692978][ T25] i2c i2c-1: connected i2c-tiny-usb device [ 199.767389][ T7622] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 199.791985][ T7622] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 199.811472][ T941] usb 1-1-port1: config error [ 199.829606][ T941] usb 1-1-port1: cannot disable (err = -71) [ 199.836904][ T25] usb 1-1: USB disconnect, device number 26 [ 199.851920][ T7622] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 199.896352][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 199.918754][ T46] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 199.921419][ T7622] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 199.975003][ T46] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 200.015428][ T46] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.038355][ T46] usb 3-1: config 0 descriptor?? [ 200.080125][ T5234] usb 5-1: USB disconnect, device number 15 [ 200.267792][ T46] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 200.362784][ T7622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 200.432585][ T7622] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.488376][ T7794] FAULT_INJECTION: forcing a failure. [ 200.488376][ T7794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 200.509533][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 200.516788][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 200.531748][ T7794] CPU: 0 UID: 0 PID: 7794 Comm: syz.0.421 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 200.542560][ T7794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 200.552643][ T7794] Call Trace: [ 200.555945][ T7794] [ 200.558893][ T7794] dump_stack_lvl+0x241/0x360 [ 200.563597][ T7794] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.568822][ T7794] ? __pfx__printk+0x10/0x10 [ 200.573529][ T7794] ? __pfx_lock_release+0x10/0x10 [ 200.578676][ T7794] should_fail_ex+0x3b0/0x4e0 [ 200.583464][ T7794] _copy_from_user+0x2f/0xe0 [ 200.588073][ T7794] get_compat_msghdr+0xae/0x730 [ 200.592927][ T7794] ? __fget_files+0x29/0x470 [ 200.597538][ T7794] ? __pfx_get_compat_msghdr+0x10/0x10 [ 200.603006][ T7794] ? __fget_files+0x3f6/0x470 [ 200.607704][ T7794] __sys_sendmmsg+0x46e/0x740 [ 200.612393][ T7794] ? __pfx___sys_sendmmsg+0x10/0x10 [ 200.617593][ T7794] ? __pfx_lock_acquire+0x10/0x10 [ 200.622713][ T7794] ? get_pid_task+0x23/0x1f0 [ 200.627325][ T7794] ? __pfx_lock_release+0x10/0x10 [ 200.632456][ T7794] ? kstrtouint_from_user+0x128/0x190 [ 200.637856][ T7794] ? __pfx_lock_release+0x10/0x10 [ 200.642892][ T7794] ? __mutex_unlock_slowpath+0x21d/0x750 [ 200.648530][ T7794] ? __fget_files+0x3f6/0x470 [ 200.653208][ T7794] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 200.659189][ T7794] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 200.665516][ T7794] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 200.671144][ T7794] __do_fast_syscall_32+0xb4/0x110 [ 200.676258][ T7794] ? exc_page_fault+0x590/0x8c0 [ 200.681107][ T7794] do_fast_syscall_32+0x34/0x80 [ 200.685961][ T7794] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 200.692298][ T7794] RIP: 0023:0xf7fb3579 [ 200.696365][ T7794] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 200.716052][ T7794] RSP: 002b:00000000f576656c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 200.724478][ T7794] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000020004600 [ 200.732447][ T7794] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 200.740417][ T7794] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 200.748387][ T7794] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 200.756352][ T7794] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 200.764357][ T7794] [ 200.797281][ T5226] Bluetooth: hci5: command tx timeout [ 200.818888][ T1114] bridge0: port 2(bridge_slave_1) entered blocking state [ 200.826100][ T1114] bridge0: port 2(bridge_slave_1) entered forwarding state [ 201.035307][ T7797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.083094][ T7797] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.172493][ T7622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 201.400124][ T7622] veth0_vlan: entered promiscuous mode [ 201.434562][ T7622] veth1_vlan: entered promiscuous mode [ 201.561783][ T7622] veth0_macvtap: entered promiscuous mode [ 201.621904][ T7622] veth1_macvtap: entered promiscuous mode [ 201.694825][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.727703][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.762905][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.783875][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.805695][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.842931][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.876031][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.917989][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 201.950044][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 201.985829][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.018996][ T7622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 202.071063][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.099402][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.140812][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.186113][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.238280][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.278895][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.319045][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.355180][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.388613][ T7622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 202.419356][ T7622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 202.455632][ T7622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 202.529038][ T7622] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.560171][ T7622] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.592742][ T7622] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.623122][ T7622] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 202.854498][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.890412][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.954571][ T29] audit: type=1326 audit(1723342075.773:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7832 comm="syz.1.427" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf73ad579 code=0x0 [ 202.997054][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 203.007664][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 203.242359][ T7837] netlink: 16 bytes leftover after parsing attributes in process `syz.3.385'. [ 203.526033][ T5272] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 203.686700][ T5234] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 203.728901][ T5272] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 203.769795][ T5272] usb 5-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 203.800610][ T5272] usb 5-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 203.824894][ T5272] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 203.843507][ T5272] usb 5-1: Product: syz [ 203.851336][ T5272] usb 5-1: SerialNumber: syz [ 203.877426][ T5272] rndis_host 5-1:7.0: skipping garbage [ 203.896846][ T5272] usb 5-1: bad CDC descriptors [ 203.898799][ T5234] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 203.920015][ T5234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 203.920950][ T5272] option 5-1:7.0: GSM modem (1-port) converter detected [ 203.941433][ T5234] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 203.971264][ T5234] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 204.039231][ T5234] usb 4-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 204.054496][ T5234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.075949][ T5234] usb 4-1: Product: syz [ 204.080254][ T5234] usb 4-1: Manufacturer: syz [ 204.095946][ T46] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 204.107092][ T5234] usb 4-1: SerialNumber: syz [ 204.126548][ T5234] usb 4-1: config 0 descriptor?? [ 204.134000][ T5234] usb 4-1: ucan: probing device on interface #0 [ 204.152057][ T5234] usb 4-1: ucan: invalid endpoint configuration [ 204.159149][ T5234] usb 4-1: ucan: probe failed; try to update the device firmware [ 204.272232][ T7864] netlink: 24 bytes leftover after parsing attributes in process `syz.0.433'. [ 204.312859][ T5281] usb 5-1: USB disconnect, device number 16 [ 204.326767][ T5281] option 5-1:7.0: device disconnected [ 204.332856][ T46] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 204.363869][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 45, changing to 9 [ 204.386753][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24942, setting to 1024 [ 204.386840][ T5273] usb 4-1: USB disconnect, device number 29 [ 204.400714][ T46] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 204.437454][ T46] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 204.457442][ T46] usb 2-1: Manufacturer: syz [ 204.475147][ T46] usb 2-1: config 0 descriptor?? [ 204.489315][ T46] igorplugusb 2-1:0.0: endpoint incorrect [ 204.863049][ T46] usb 3-1: USB disconnect, device number 26 [ 204.898716][ T46] iowarrior 3-1:0.0: I/O-Warror #0 now disconnected [ 205.178561][ T7880] netlink: 4 bytes leftover after parsing attributes in process `syz.4.437'. [ 205.237504][ T2934] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.398544][ T2934] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.488525][ T2934] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.562536][ T5281] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 205.619365][ T2934] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.782676][ T5281] usb 4-1: Using ep0 maxpacket: 32 [ 205.809922][ T5281] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 205.833680][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.860083][ T5281] usb 4-1: Product: syz [ 205.863497][ T2934] bridge_slave_1: left allmulticast mode [ 205.865595][ T5281] usb 4-1: Manufacturer: syz [ 205.879671][ T5281] usb 4-1: SerialNumber: syz [ 205.894053][ T2934] bridge_slave_1: left promiscuous mode [ 205.906236][ T2934] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.908627][ T5281] usb 4-1: config 0 descriptor?? [ 205.931882][ T2934] bridge_slave_0: left allmulticast mode [ 205.942392][ T2934] bridge_slave_0: left promiscuous mode [ 205.952965][ T2934] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.122447][ T7882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.155672][ T7882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.571222][ T5281] rtl8150 4-1:0.0: couldn't reset the device [ 206.593807][ T5281] rtl8150 4-1:0.0: probe with driver rtl8150 failed with error -5 [ 206.640892][ T5281] usb 4-1: USB disconnect, device number 30 [ 206.787907][ T5272] usb 2-1: USB disconnect, device number 24 [ 206.892620][ T7907] FAULT_INJECTION: forcing a failure. [ 206.892620][ T7907] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.920150][ T54] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 206.934419][ T54] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 206.943801][ T54] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 206.961121][ T54] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 206.970316][ T54] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 206.972336][ T7907] CPU: 0 UID: 0 PID: 7907 Comm: syz.0.446 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 206.987879][ T7907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 206.990659][ T54] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 206.997930][ T7907] Call Trace: [ 206.997946][ T7907] [ 206.997955][ T7907] dump_stack_lvl+0x241/0x360 [ 206.997988][ T7907] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.998011][ T7907] ? __pfx__printk+0x10/0x10 [ 207.025632][ T7907] ? __pfx_lock_release+0x10/0x10 [ 207.030692][ T7907] should_fail_ex+0x3b0/0x4e0 [ 207.035407][ T7907] _copy_from_iter+0x1f6/0x1960 [ 207.040301][ T7907] ? __virt_addr_valid+0x183/0x530 [ 207.045453][ T7907] ? __pfx_lock_release+0x10/0x10 [ 207.050516][ T7907] ? __alloc_skb+0x28f/0x440 [ 207.055134][ T7907] ? __pfx__copy_from_iter+0x10/0x10 [ 207.060444][ T7907] ? __virt_addr_valid+0x183/0x530 [ 207.065568][ T7907] ? __virt_addr_valid+0x183/0x530 [ 207.070704][ T7907] ? __virt_addr_valid+0x45f/0x530 [ 207.075843][ T7907] ? __check_object_size+0x49c/0x900 [ 207.081158][ T7907] netlink_sendmsg+0x73d/0xcb0 [ 207.085952][ T7907] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.091244][ T7907] ? aa_sock_msg_perm+0x91/0x160 [ 207.096175][ T7907] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 207.101453][ T7907] ? security_socket_sendmsg+0x87/0xb0 [ 207.106901][ T7907] ? __pfx_netlink_sendmsg+0x10/0x10 [ 207.112169][ T7907] __sock_sendmsg+0x221/0x270 [ 207.116842][ T7907] ____sys_sendmsg+0x525/0x7d0 [ 207.121616][ T7907] ? __pfx_____sys_sendmsg+0x10/0x10 [ 207.126891][ T7907] __sys_sendmsg+0x2b0/0x3a0 [ 207.131646][ T7907] ? __pfx___sys_sendmsg+0x10/0x10 [ 207.136735][ T7907] ? vfs_write+0x7c4/0xc90 [ 207.141156][ T7907] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 207.147736][ T7907] ? lockdep_hardirqs_on+0x99/0x150 [ 207.152944][ T7907] __do_fast_syscall_32+0xb4/0x110 [ 207.158064][ T7907] ? exc_page_fault+0x590/0x8c0 [ 207.162918][ T7907] do_fast_syscall_32+0x34/0x80 [ 207.167767][ T7907] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 207.174093][ T7907] RIP: 0023:0xf7fb3579 [ 207.178150][ T7907] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 207.197744][ T7907] RSP: 002b:00000000f572456c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 207.206142][ T7907] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000020000780 [ 207.214096][ T7907] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 207.222053][ T7907] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 207.230017][ T7907] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 207.237971][ T7907] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 207.246020][ T7907] [ 207.390001][ T2934] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 207.404467][ T2934] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 207.444177][ T2934] bond0 (unregistering): Released all slaves [ 207.475679][ T7900] netlink: 24 bytes leftover after parsing attributes in process `syz.4.445'. [ 207.588461][ T5272] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 207.848493][ T5272] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 207.888419][ T5272] usb 2-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 207.908830][ T5272] usb 2-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 207.921478][ T5272] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 207.930359][ T5272] usb 2-1: Product: syz [ 207.934640][ T5272] usb 2-1: SerialNumber: syz [ 207.953232][ T5272] rndis_host 2-1:7.0: skipping garbage [ 207.959010][ T5272] usb 2-1: bad CDC descriptors [ 207.966207][ T5272] option 2-1:7.0: GSM modem (1-port) converter detected [ 208.044531][ T25] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 208.266832][ T25] usb 5-1: Using ep0 maxpacket: 32 [ 208.284149][ T2934] hsr_slave_0: left promiscuous mode [ 208.325686][ T25] usb 5-1: config 0 has an invalid interface number: 111 but max is 1 [ 208.340602][ T2934] hsr_slave_1: left promiscuous mode [ 208.359539][ T2934] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 208.364579][ T25] usb 5-1: config 0 has no interface number 1 [ 208.392435][ T2934] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 208.433465][ T25] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 208.452222][ T2934] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 208.459059][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.473198][ T5272] usb 2-1: USB disconnect, device number 25 [ 208.491259][ T5272] option 2-1:7.0: device disconnected [ 208.497786][ T25] usb 5-1: Product: syz [ 208.497812][ T25] usb 5-1: Manufacturer: syz [ 208.497828][ T25] usb 5-1: SerialNumber: syz [ 208.512551][ T2934] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 208.545326][ T25] usb 5-1: config 0 descriptor?? [ 208.608993][ T2934] veth1_macvtap: left promiscuous mode [ 208.617098][ T2934] veth0_macvtap: left promiscuous mode [ 208.623237][ T2934] veth1_vlan: left promiscuous mode [ 208.629422][ T2934] veth0_vlan: left promiscuous mode [ 208.798772][ T25] snd-usb-6fire 5-1:0.111: unable to receive device firmware state. [ 208.820453][ T25] snd-usb-6fire 5-1:0.111: probe with driver snd-usb-6fire failed with error -71 [ 208.837170][ T25] usb 5-1: USB disconnect, device number 17 [ 209.008354][ T5226] Bluetooth: hci4: command tx timeout [ 209.473790][ T2934] team0 (unregistering): Port device team_slave_1 removed [ 209.587633][ T2934] team0 (unregistering): Port device team_slave_0 removed [ 209.947970][ T5281] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 210.141291][ T5281] usb 5-1: Using ep0 maxpacket: 32 [ 210.154827][ T5281] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 210.173652][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 210.193315][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 210.211737][ T5281] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 210.227071][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.256009][ T5281] usb 5-1: config 0 descriptor?? [ 210.261852][ T7968] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 210.281834][ T5281] hub 5-1:0.0: USB hub found [ 210.363255][ T7940] netlink: 24 bytes leftover after parsing attributes in process `syz.0.452'. [ 210.465712][ T7909] chnl_net:caif_netlink_parms(): no params data found [ 210.602984][ T5281] hub 5-1:0.0: 2 ports detected [ 210.850991][ T7909] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.880379][ T7909] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.913828][ T7909] bridge_slave_0: entered allmulticast mode [ 210.922859][ T7909] bridge_slave_0: entered promiscuous mode [ 210.940241][ T7909] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.948873][ T7909] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.956660][ T7909] bridge_slave_1: entered allmulticast mode [ 210.965675][ T7909] bridge_slave_1: entered promiscuous mode [ 211.006025][ T25] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 211.046638][ T7909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 211.069991][ T7909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 211.086012][ T5226] Bluetooth: hci4: command tx timeout [ 211.186432][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 211.211399][ T25] usb 2-1: config 4 has an invalid interface number: 109 but max is 3 [ 211.226176][ T7909] team0: Port device team_slave_0 added [ 211.234992][ T25] usb 2-1: config 4 has an invalid interface number: 231 but max is 3 [ 211.249368][ T7909] team0: Port device team_slave_1 added [ 211.255416][ T25] usb 2-1: config 4 has an invalid interface descriptor of length 6, skipping [ 211.290045][ T25] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 211.300643][ T25] usb 2-1: config 4 has 2 interfaces, different from the descriptor's value: 4 [ 211.310046][ T25] usb 2-1: config 4 has no interface number 0 [ 211.316525][ T25] usb 2-1: config 4 has no interface number 1 [ 211.322692][ T25] usb 2-1: config 4 interface 109 altsetting 7 endpoint 0xE has invalid maxpacket 959, setting to 64 [ 211.345352][ T7909] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 211.353213][ T25] usb 2-1: config 4 interface 109 altsetting 7 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 211.374776][ T7909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.420177][ T25] usb 2-1: config 4 interface 109 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 211.432131][ T25] usb 2-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 211.444154][ T7909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 211.474246][ T25] usb 2-1: config 4 interface 109 altsetting 7 endpoint 0x7 has invalid maxpacket 1967, setting to 64 [ 211.499915][ T7909] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 211.507465][ T25] usb 2-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 211.518411][ T7909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 211.544973][ T25] usb 2-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x8E, skipping [ 211.562245][ T25] usb 2-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 211.583408][ T7909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.602779][ T25] usb 2-1: config 4 interface 109 altsetting 7 endpoint 0x6 has invalid maxpacket 1415, setting to 1024 [ 211.622459][ T25] usb 2-1: config 4 interface 109 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 1024 [ 211.645401][ T25] usb 2-1: config 4 interface 109 altsetting 7 has an endpoint descriptor with address 0x94, changing to 0x84 [ 211.697044][ T25] usb 2-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x9, skipping [ 211.715878][ T25] usb 2-1: config 4 interface 231 altsetting 14 endpoint 0x5 has an invalid bInterval 36, changing to 9 [ 211.766657][ T25] usb 2-1: config 4 interface 231 altsetting 14 endpoint 0x5 has invalid maxpacket 1543, setting to 1024 [ 211.795978][ T25] usb 2-1: config 4 interface 231 altsetting 14 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 211.819528][ T7909] hsr_slave_0: entered promiscuous mode [ 211.826295][ T25] usb 2-1: config 4 interface 109 has no altsetting 0 [ 211.835991][ T7909] hsr_slave_1: entered promiscuous mode [ 211.842356][ T25] usb 2-1: config 4 interface 231 has no altsetting 0 [ 211.856138][ T7909] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.863562][ T25] usb 2-1: New USB device found, idVendor=13d3, idProduct=3341, bcdDevice=8f.75 [ 211.863721][ T7909] Cannot create hsr debugfs directory [ 211.885837][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.907190][ T25] usb 2-1: Product: syz [ 211.911520][ T25] usb 2-1: Manufacturer: 졬详눦嵰椸㾺榘꾌਱䲔ࠊᯥみ₾熍㫷矌▧㨾롤恵굟⥎ྖ대﨩騚ゴ挧ऽ暄葰鉚꒎ʝꢸ┏䅪ࢼ₤泓鏄ཱ캩꘩癁庈쭊⩚條䛲뛔ϒﷰ瀌痏匔㝭毖ᰞﭒ땮⚩캿뫾촔碛탹ꬄ౦Вꥒ舦鹭ഌ⿾읎睾⦲蓡⭻픗ಥ嗸竸⟽띖徛芬붋烴딑鸷䌺蕴芐⚭뵣瑝뛞喙蜦뎂㆔〿 [ 211.946954][ T5281] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 212.014474][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888024d73400: rx timeout, send abort [ 212.023539][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888024d73400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 212.042167][ T25] usb 2-1: SerialNumber: syz [ 212.071507][ T7986] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 212.079417][ T7986] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 212.152731][ T5281] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 212.162228][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.191141][ T7968] trusted_key: syz.4.457 sent an empty control message without MSG_MORE. [ 212.218045][ T5281] usb 4-1: config 0 descriptor?? [ 212.358016][ T58] usb 5-1: USB disconnect, device number 18 [ 212.408478][ T25] r8712u: register rtl8712_netdev_ops to netdev_ops [ 212.450768][ T25] usb 2-1: r8712u: USB_SPEED_HIGH with 6 endpoints [ 212.482386][ T25] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 212.498441][ T25] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 212.524986][ T25] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 212.589004][ T25] r8712u: register rtl8712_netdev_ops to netdev_ops [ 212.616901][ T25] usb 2-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 212.633674][ T25] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 212.641207][ T25] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 212.659325][ T25] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 212.706311][ T25] usb 2-1: USB disconnect, device number 26 [ 212.714685][ T5281] usb 4-1: Cannot set MAC address [ 212.728571][ T5281] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 212.809379][ T5281] usb 4-1: USB disconnect, device number 31 [ 213.127480][ T8033] FAULT_INJECTION: forcing a failure. [ 213.127480][ T8033] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.164588][ T8033] CPU: 0 UID: 0 PID: 8033 Comm: syz.4.469 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 213.173002][ T7909] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 213.175203][ T8033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 213.175218][ T8033] Call Trace: [ 213.175227][ T8033] [ 213.175236][ T8033] dump_stack_lvl+0x241/0x360 [ 213.202846][ T8033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.208083][ T8033] ? __pfx__printk+0x10/0x10 [ 213.212709][ T8033] ? snprintf+0xda/0x120 [ 213.216980][ T8033] should_fail_ex+0x3b0/0x4e0 [ 213.221688][ T8033] _copy_to_user+0x2f/0xb0 [ 213.226134][ T8033] simple_read_from_buffer+0xca/0x150 [ 213.231545][ T8033] proc_fail_nth_read+0x1e9/0x250 [ 213.236612][ T8033] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 213.242196][ T8033] ? rw_verify_area+0x520/0x6b0 [ 213.247077][ T8033] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 213.252642][ T8033] vfs_read+0x204/0xbc0 [ 213.256838][ T8033] ? __pfx_vfs_read+0x10/0x10 [ 213.261556][ T8033] ? __ia32_compat_sys_newfstat+0x16a/0x1c0 [ 213.267486][ T8033] ? __pfx___ia32_compat_sys_newfstat+0x10/0x10 [ 213.273773][ T8033] ksys_read+0x1a0/0x2c0 [ 213.278050][ T8033] ? __pfx_ksys_read+0x10/0x10 [ 213.282845][ T8033] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 213.289470][ T8033] ? lockdep_hardirqs_on+0x99/0x150 [ 213.294706][ T8033] __do_fast_syscall_32+0xb4/0x110 [ 213.299850][ T8033] ? exc_page_fault+0x590/0x8c0 [ 213.304734][ T8033] do_fast_syscall_32+0x34/0x80 [ 213.309628][ T8033] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.315981][ T8033] RIP: 0023:0xf7fd6579 [ 213.320072][ T8033] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 213.339706][ T8033] RSP: 002b:00000000f57865a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 213.348322][ T8033] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5786620 [ 213.356409][ T8033] RDX: 000000000000000f RSI: 00000000f745cff4 RDI: 0000000000000000 [ 213.364403][ T8033] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 213.372402][ T8033] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 213.380399][ T8033] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 213.388500][ T8033] [ 213.401400][ T7909] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 213.416478][ T5226] Bluetooth: hci4: command tx timeout [ 213.500721][ T7909] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 213.539935][ T8038] netlink: 60 bytes leftover after parsing attributes in process `syz.1.471'. [ 213.569072][ T7909] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 213.694805][ T8046] netlink: 20 bytes leftover after parsing attributes in process `syz.3.473'. [ 213.871630][ T8047] netlink: 24 bytes leftover after parsing attributes in process `syz.0.472'. [ 213.902656][ T8050] FAULT_INJECTION: forcing a failure. [ 213.902656][ T8050] name failslab, interval 1, probability 0, space 0, times 0 [ 213.920413][ T8048] hub 9-0:1.0: USB hub found [ 213.927113][ T8048] hub 9-0:1.0: 8 ports detected [ 213.927153][ T8050] CPU: 0 UID: 0 PID: 8050 Comm: syz.4.475 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 213.932013][ T8050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 213.932049][ T8050] Call Trace: [ 213.932058][ T8050] [ 213.932066][ T8050] dump_stack_lvl+0x241/0x360 [ 213.932101][ T8050] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.932125][ T8050] ? __pfx__printk+0x10/0x10 [ 213.932152][ T8050] ? fs_reclaim_acquire+0x93/0x140 [ 213.932177][ T8050] ? __pfx___might_resched+0x10/0x10 [ 213.932205][ T8050] should_fail_ex+0x3b0/0x4e0 [ 213.932229][ T8050] ? tomoyo_encode+0x26f/0x540 [ 213.932251][ T8050] should_failslab+0xac/0x100 [ 213.932278][ T8050] ? tomoyo_encode+0x26f/0x540 [ 213.932298][ T8050] __kmalloc_noprof+0xd8/0x400 [ 213.932323][ T8050] tomoyo_encode+0x26f/0x540 [ 213.932352][ T8050] tomoyo_realpath_from_path+0x59e/0x5e0 [ 213.932388][ T8050] tomoyo_path_perm+0x2b7/0x740 [ 213.932410][ T8050] ? aa_get_newest_label+0xff/0x6f0 [ 213.932432][ T8050] ? tomoyo_path_perm+0x287/0x740 [ 213.932450][ T8050] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 213.932478][ T8050] ? from_kgid+0x1a7/0x730 [ 213.932519][ T8050] ? apparmor_capable+0x138/0x1b0 [ 213.932545][ T8050] ? security_capable+0x90/0xb0 [ 213.932571][ T8050] security_path_chroot+0x65/0x90 [ 213.932599][ T8050] __se_sys_chroot+0x1c5/0x2b0 [ 213.932627][ T8050] ? __pfx___se_sys_chroot+0x10/0x10 [ 213.932656][ T8050] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 213.932681][ T8050] ? lockdep_hardirqs_on+0x99/0x150 [ 213.932709][ T8050] __do_fast_syscall_32+0xb4/0x110 [ 213.932736][ T8050] ? exc_page_fault+0x590/0x8c0 [ 213.932778][ T8050] do_fast_syscall_32+0x34/0x80 [ 213.932802][ T8050] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 213.932824][ T8050] RIP: 0023:0xf7fd6579 [ 213.932842][ T8050] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 213.932858][ T8050] RSP: 002b:00000000f578656c EFLAGS: 00000206 ORIG_RAX: 000000000000003d [ 213.932880][ T8050] RAX: ffffffffffffffda RBX: 00000000200000c0 RCX: 0000000000000000 [ 213.932894][ T8050] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 213.932907][ T8050] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 213.932919][ T8050] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 213.932929][ T8050] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 213.932953][ T8050] [ 213.944160][ T8050] ERROR: Out of memory at tomoyo_realpath_from_path. [ 213.946126][ T5272] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 214.243801][ T7909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.331580][ T7909] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.378209][ T5272] usb 2-1: Using ep0 maxpacket: 8 [ 214.388275][ T5272] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 214.398418][ T5272] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 214.413715][ T2531] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.421007][ T2531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.436374][ T5272] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 214.465825][ T2531] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.473045][ T2531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.479472][ T5272] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.517202][ T5272] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 214.554833][ T5272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.737930][ T7909] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 214.776102][ T5275] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 214.808375][ T5272] usb 2-1: GET_CAPABILITIES returned 0 [ 214.826269][ T5272] usbtmc 2-1:16.0: can't read capabilities [ 214.870113][ T7909] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.988100][ T5275] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 215.012288][ T7909] veth0_vlan: entered promiscuous mode [ 215.030066][ T5275] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 215.052857][ T7909] veth1_vlan: entered promiscuous mode [ 215.097885][ T5275] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 215.129607][ T5275] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 215.138136][ T25] usb 2-1: USB disconnect, device number 27 [ 215.168599][ T5275] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 215.207340][ T7909] veth0_macvtap: entered promiscuous mode [ 215.213268][ T5275] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.229450][ T5275] usb 1-1: config 0 descriptor?? [ 215.235107][ T7909] veth1_macvtap: entered promiscuous mode [ 215.244793][ T8059] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 215.305970][ T5281] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 215.322697][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.343727][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.354540][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.371711][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.382721][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.394163][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.410811][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.427108][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.439524][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 215.450353][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.481996][ T7909] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.490833][ T5226] Bluetooth: hci4: command tx timeout [ 215.511275][ T5281] usb 4-1: config 0 has an invalid interface number: 242 but max is 0 [ 215.535900][ T5281] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 215.538175][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.565589][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.567563][ T5281] usb 4-1: config 0 has no interface number 0 [ 215.594658][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.602316][ T5281] usb 4-1: config 0 interface 242 altsetting 1 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 215.605514][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.619650][ T5281] usb 4-1: config 0 interface 242 altsetting 1 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 215.637796][ T5281] usb 4-1: config 0 interface 242 altsetting 1 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 215.650474][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.661688][ T5281] usb 4-1: config 0 interface 242 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 215.674383][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.680476][ T5275] plantronics 0003:047F:FFFF.0013: No inputs registered, leaving [ 215.687498][ T5281] usb 4-1: config 0 interface 242 altsetting 1 has an endpoint descriptor with address 0x93, changing to 0x83 [ 215.717172][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.721263][ T5275] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 215.757045][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.776385][ T5281] usb 4-1: config 0 interface 242 altsetting 1 bulk endpoint 0x83 has invalid maxpacket 16 [ 215.795854][ T7909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 215.808228][ T5281] usb 4-1: config 0 interface 242 altsetting 1 has 6 endpoint descriptors, different from the interface descriptor's value: 15 [ 215.843116][ T7909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.857783][ T5281] usb 4-1: config 0 interface 242 has no altsetting 0 [ 215.880971][ T5281] usb 4-1: New USB device found, idVendor=8b63, idProduct=6fac, bcdDevice=80.95 [ 215.893117][ T7909] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 215.905303][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.932793][ T7909] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.942108][ T5281] usb 4-1: Product: syz [ 215.948144][ T5281] usb 4-1: Manufacturer: syz [ 215.952935][ T7909] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.977720][ T5281] usb 4-1: SerialNumber: syz [ 215.982662][ T7909] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.007235][ T5281] usb 4-1: config 0 descriptor?? [ 216.012311][ T7909] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 216.022842][ T8066] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 216.072029][ T8059] netlink: 36 bytes leftover after parsing attributes in process `syz.0.478'. [ 216.095458][ T8088] netlink: 'syz.1.483': attribute type 3 has an invalid length. [ 216.110905][ T8088] netlink: 130984 bytes leftover after parsing attributes in process `syz.1.483'. [ 216.111093][ T5275] usb 1-1: USB disconnect, device number 27 [ 216.341710][ T2531] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.375921][ T2531] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.464643][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 216.498537][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 216.622271][ T8094] netlink: 4 bytes leftover after parsing attributes in process `syz.1.484'. [ 216.688104][ T5281] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 216.918158][ T5281] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 216.976298][ T5281] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 217.031737][ T5281] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 217.106638][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.188376][ T8097] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 217.222807][ T5281] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 217.344379][ T8130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.488'. [ 217.383837][ T8130] netlink: 48 bytes leftover after parsing attributes in process `syz.2.488'. [ 217.750614][ T5281] usb 5-1: USB disconnect, device number 19 [ 217.880853][ T25] usb 4-1: USB disconnect, device number 32 [ 218.075967][ T58] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 218.275952][ T58] usb 2-1: Using ep0 maxpacket: 16 [ 218.345082][ T58] usb 2-1: unable to get BOS descriptor or descriptor too short [ 218.363167][ T58] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 218.384247][ T58] usb 2-1: can't read configurations, error -71 [ 218.395909][ T5281] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 218.567299][ T5281] usb 3-1: device descriptor read/64, error -71 [ 218.756106][ T5275] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 218.868219][ T5281] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 218.958480][ T5275] usb 5-1: Using ep0 maxpacket: 8 [ 218.969221][ T5275] usb 5-1: config 4 has an invalid interface number: 109 but max is 3 [ 218.995977][ T5275] usb 5-1: config 4 has an invalid interface number: 231 but max is 3 [ 219.022345][ T5275] usb 5-1: config 4 has an invalid interface descriptor of length 6, skipping [ 219.045439][ T5275] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 219.055943][ T5281] usb 3-1: device descriptor read/64, error -71 [ 219.076807][ T5275] usb 5-1: config 4 has 2 interfaces, different from the descriptor's value: 4 [ 219.094657][ T5275] usb 5-1: config 4 has no interface number 0 [ 219.101194][ T5275] usb 5-1: config 4 has no interface number 1 [ 219.107932][ T5275] usb 5-1: config 4 interface 109 altsetting 7 endpoint 0xE has invalid maxpacket 959, setting to 64 [ 219.120788][ T5275] usb 5-1: config 4 interface 109 altsetting 7 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 219.132280][ T5275] usb 5-1: config 4 interface 109 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 219.141204][ T8191] netlink: 'syz.3.502': attribute type 12 has an invalid length. [ 219.144620][ T5275] usb 5-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 219.159629][ T8191] netlink: 132 bytes leftover after parsing attributes in process `syz.3.502'. [ 219.164387][ T5275] usb 5-1: config 4 interface 109 altsetting 7 endpoint 0x7 has invalid maxpacket 1967, setting to 64 [ 219.187026][ T5275] usb 5-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 219.188906][ T5281] usb usb3-port1: attempt power cycle [ 219.198279][ T5275] usb 5-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x8E, skipping [ 219.214837][ T5275] usb 5-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 219.226140][ T5275] usb 5-1: config 4 interface 109 altsetting 7 endpoint 0x6 has invalid maxpacket 1415, setting to 1024 [ 219.238037][ T5275] usb 5-1: config 4 interface 109 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 1024 [ 219.271781][ T5275] usb 5-1: config 4 interface 109 altsetting 7 has an endpoint descriptor with address 0x94, changing to 0x84 [ 219.300801][ T5275] usb 5-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x9, skipping [ 219.324458][ T5275] usb 5-1: config 4 interface 231 altsetting 14 endpoint 0x5 has an invalid bInterval 36, changing to 9 [ 219.348369][ T5275] usb 5-1: config 4 interface 231 altsetting 14 endpoint 0x5 has invalid maxpacket 1543, setting to 1024 [ 219.369953][ T5275] usb 5-1: config 4 interface 231 altsetting 14 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 219.392486][ T5275] usb 5-1: config 4 interface 109 has no altsetting 0 [ 219.402513][ T5275] usb 5-1: config 4 interface 231 has no altsetting 0 [ 219.431652][ T5275] usb 5-1: New USB device found, idVendor=13d3, idProduct=3341, bcdDevice=8f.75 [ 219.441853][ T5275] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.450399][ T5275] usb 5-1: Product: syz [ 219.454715][ T5275] usb 5-1: Manufacturer: 졬详눦嵰椸㾺榘꾌਱䲔ࠊᯥみ₾熍㫷矌▧㨾롤恵굟⥎ྖ대﨩騚ゴ挧ऽ暄葰鉚꒎ʝꢸ┏䅪ࢼ₤泓鏄ཱ캩꘩癁庈쭊⩚條䛲뛔ϒﷰ瀌痏匔㝭毖ᰞﭒ땮⚩캿뫾촔碛탹ꬄ౦Вꥒ舦鹭ഌ⿾읎睾⦲蓡⭻픗ಥ嗸竸⟽띖徛芬붋烴딑鸷䌺蕴芐⚭뵣瑝뛞喙蜦뎂㆔〿 [ 219.454744][ T5275] usb 5-1: SerialNumber: syz [ 219.469601][ T8173] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 219.500447][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.510076][ T8173] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 219.536989][ T58] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 219.609497][ T25] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 219.656007][ T5281] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 219.697559][ T5281] usb 3-1: device descriptor read/8, error -71 [ 219.728852][ T58] usb 2-1: New USB device found, idVendor=0c45, idProduct=60aa, bcdDevice=43.d9 [ 219.738272][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.747605][ T5275] r8712u: register rtl8712_netdev_ops to netdev_ops [ 219.754989][ T5275] usb 5-1: r8712u: USB_SPEED_HIGH with 6 endpoints [ 219.769481][ T58] usb 2-1: config 0 descriptor?? [ 219.777200][ T5275] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 219.778824][ T58] gspca_main: sonixb-2.14.0 probing 0c45:60aa [ 219.783812][ T5275] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 219.803641][ T5275] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 219.805901][ T25] usb 4-1: Using ep0 maxpacket: 32 [ 219.830033][ T25] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 219.833688][ T5275] r8712u: register rtl8712_netdev_ops to netdev_ops [ 219.845189][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 219.860564][ T5275] usb 5-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 219.870913][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 219.873699][ T5275] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 219.891764][ T5275] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 219.899498][ T5275] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 219.909804][ T25] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 219.926034][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.945425][ T25] usb 4-1: config 0 descriptor?? [ 219.955182][ T8193] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 219.974431][ T5275] usb 5-1: USB disconnect, device number 20 [ 219.987127][ T5281] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 220.006811][ T25] hub 4-1:0.0: USB hub found [ 220.055398][ T8188] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.066769][ T5281] usb 3-1: device descriptor read/8, error -71 [ 220.068801][ T8188] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 220.101283][ T8188] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 220.220610][ T5281] usb usb3-port1: unable to enumerate USB device [ 220.229421][ T58] sonixb 2-1:0.0: Error reading register 00: -71 [ 220.242623][ T25] hub 4-1:0.0: 2 ports detected [ 220.258799][ T58] usb 2-1: USB disconnect, device number 29 [ 220.843945][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888047e37800: rx timeout, send abort [ 220.854902][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888047e37800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 221.770014][ T8246] netlink: 24 bytes leftover after parsing attributes in process `syz.1.513'. [ 222.127422][ T5273] usb 4-1: USB disconnect, device number 33 [ 222.129235][ T58] usb 4-1: Failed to suspend device, error -71 [ 222.226561][ T5275] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 222.252919][ T5226] Bluetooth: hci3: unexpected event 0x09 length: 17 > 3 [ 222.338875][ T63] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.430136][ T5275] usb 3-1: Using ep0 maxpacket: 32 [ 222.445157][ T5275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.467951][ T5275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.490339][ T5275] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 222.512100][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.532972][ T63] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.555213][ T5275] usb 3-1: config 0 descriptor?? [ 222.617405][ T5275] hub 3-1:0.0: USB hub found [ 222.675660][ T8262] FAULT_INJECTION: forcing a failure. [ 222.675660][ T8262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 222.716005][ T8262] CPU: 0 UID: 0 PID: 8262 Comm: syz.1.520 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 222.722568][ T63] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.726631][ T8262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 222.726648][ T8262] Call Trace: [ 222.726658][ T8262] [ 222.726667][ T8262] dump_stack_lvl+0x241/0x360 [ 222.726701][ T8262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 222.726725][ T8262] ? __pfx__printk+0x10/0x10 [ 222.726752][ T8262] ? snprintf+0xda/0x120 [ 222.726773][ T8262] should_fail_ex+0x3b0/0x4e0 [ 222.726799][ T8262] _copy_to_user+0x2f/0xb0 [ 222.726823][ T8262] simple_read_from_buffer+0xca/0x150 [ 222.726852][ T8262] proc_fail_nth_read+0x1e9/0x250 [ 222.726877][ T8262] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 222.726908][ T8262] ? rw_verify_area+0x520/0x6b0 [ 222.726930][ T8262] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 222.726953][ T8262] vfs_read+0x204/0xbc0 [ 222.726975][ T8262] ? __pfx_lock_release+0x10/0x10 [ 222.727006][ T8262] ? __pfx_vfs_read+0x10/0x10 [ 222.727029][ T8262] ? __fget_files+0x29/0x470 [ 222.727054][ T8262] ? __fget_files+0x3f6/0x470 [ 222.830630][ T8262] ksys_read+0x1a0/0x2c0 [ 222.834892][ T8262] ? __pfx_ksys_read+0x10/0x10 [ 222.839663][ T8262] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 222.846258][ T8262] ? lockdep_hardirqs_on+0x99/0x150 [ 222.851556][ T8262] __do_fast_syscall_32+0xb4/0x110 [ 222.856665][ T8262] ? exc_page_fault+0x590/0x8c0 [ 222.861510][ T8262] do_fast_syscall_32+0x34/0x80 [ 222.866354][ T8262] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 222.872672][ T8262] RIP: 0023:0xf73ad579 [ 222.876735][ T8262] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 222.896368][ T8262] RSP: 002b:00000000f56c65a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 222.904777][ T8262] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56c6620 [ 222.912831][ T8262] RDX: 000000000000000f RSI: 00000000f739cff4 RDI: 0000000000000000 [ 222.920791][ T8262] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 222.928762][ T8262] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 222.936728][ T8262] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 222.944706][ T8262] [ 222.947754][ C0] vkms_vblank_simulate: vblank timer overrun [ 223.031569][ T5275] hub 3-1:0.0: 1 port detected [ 223.099766][ T8266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.522'. [ 223.174112][ T63] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.237490][ T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 223.251560][ T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 223.264470][ T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 223.273046][ T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 223.288235][ T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 223.295629][ T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 223.805071][ T8272] netlink: 24 bytes leftover after parsing attributes in process `syz.1.523'. [ 224.036840][ T63] bridge_slave_1: left allmulticast mode [ 224.042544][ T63] bridge_slave_1: left promiscuous mode [ 224.076286][ T63] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.120765][ T63] bridge_slave_0: left allmulticast mode [ 224.136779][ T63] bridge_slave_0: left promiscuous mode [ 224.142609][ T63] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.208282][ T5275] hub 3-1:0.0: activate --> -90 [ 224.286996][ T54] Bluetooth: hci3: command tx timeout [ 224.311222][ T8292] ======================================================= [ 224.311222][ T8292] WARNING: The mand mount option has been deprecated and [ 224.311222][ T8292] and is ignored by this kernel. Remove the mand [ 224.311222][ T8292] option from the mount to silence this warning. [ 224.311222][ T8292] ======================================================= [ 224.647382][ T25] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 224.725873][ T5281] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 224.846059][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 224.877240][ T25] usb 4-1: config 4 has an invalid interface number: 109 but max is 3 [ 224.903191][ T25] usb 4-1: config 4 has an invalid interface number: 231 but max is 3 [ 224.930447][ T25] usb 4-1: config 4 has an invalid interface descriptor of length 6, skipping [ 224.949229][ T5281] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 224.975947][ T25] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 224.993978][ T5281] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 225.023504][ T25] usb 4-1: config 4 has 2 interfaces, different from the descriptor's value: 4 [ 225.032898][ T5281] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 225.045835][ T25] usb 4-1: config 4 has no interface number 0 [ 225.058051][ T5281] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.068169][ T25] usb 4-1: config 4 has no interface number 1 [ 225.074343][ T25] usb 4-1: config 4 interface 109 altsetting 7 endpoint 0xE has invalid maxpacket 959, setting to 64 [ 225.113099][ T25] usb 4-1: config 4 interface 109 altsetting 7 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 225.143969][ T25] usb 4-1: config 4 interface 109 altsetting 7 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 225.182720][ T25] usb 4-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0xE, skipping [ 225.212300][ T25] usb 4-1: config 4 interface 109 altsetting 7 endpoint 0x7 has invalid maxpacket 1967, setting to 64 [ 225.241723][ T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 225.251706][ T25] usb 4-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 225.262817][ T25] usb 4-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x8E, skipping [ 225.283358][ T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 225.292401][ T25] usb 4-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x1, skipping [ 225.315053][ T63] bond0 (unregistering): Released all slaves [ 225.328213][ T25] usb 4-1: config 4 interface 109 altsetting 7 endpoint 0x6 has invalid maxpacket 1415, setting to 1024 [ 225.328846][ T941] hub 3-1:0.0: hub_ext_port_status failed (err = -32) [ 225.347256][ T54] Bluetooth: hci1: command tx timeout [ 225.361945][ T8271] chnl_net:caif_netlink_parms(): no params data found [ 225.374495][ T25] usb 4-1: config 4 interface 109 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 1024 [ 225.393369][ T25] usb 4-1: config 4 interface 109 altsetting 7 has an endpoint descriptor with address 0x94, changing to 0x84 [ 225.435412][ T25] usb 4-1: config 4 interface 109 altsetting 7 has a duplicate endpoint with address 0x9, skipping [ 225.452508][ T5272] usb 3-1: USB disconnect, device number 31 [ 225.481167][ T25] usb 4-1: config 4 interface 231 altsetting 14 endpoint 0x5 has an invalid bInterval 36, changing to 9 [ 225.496426][ T25] usb 4-1: config 4 interface 231 altsetting 14 endpoint 0x5 has invalid maxpacket 1543, setting to 1024 [ 225.509506][ T25] usb 4-1: config 4 interface 231 altsetting 14 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 225.547005][ T25] usb 4-1: config 4 interface 109 has no altsetting 0 [ 225.599481][ T25] usb 4-1: config 4 interface 231 has no altsetting 0 [ 225.638666][ T25] usb 4-1: New USB device found, idVendor=13d3, idProduct=3341, bcdDevice=8f.75 [ 225.661379][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.669645][ T25] usb 4-1: Product: syz [ 225.673869][ T25] usb 4-1: Manufacturer: 졬详눦嵰椸㾺榘꾌਱䲔ࠊᯥみ₾熍㫷矌▧㨾롤恵굟⥎ྖ대﨩騚ゴ挧ऽ暄葰鉚꒎ʝꢸ┏䅪ࢼ₤泓鏄ཱ캩꘩癁庈쭊⩚條䛲뛔ϒﷰ瀌痏匔㝭毖ᰞﭒ땮⚩캿뫾촔碛탹ꬄ౦Вꥒ舦鹭ഌ⿾읎睾⦲蓡⭻픗ಥ嗸竸⟽띖徛芬붋烴딑鸷䌺蕴芐⚭뵣瑝뛞喙蜦뎂㆔〿 [ 225.709204][ T25] usb 4-1: SerialNumber: syz [ 225.756311][ T8297] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 225.764004][ T8297] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 225.827192][ T8271] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.845309][ T8271] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.853490][ T8271] bridge_slave_0: entered allmulticast mode [ 225.872779][ T8271] bridge_slave_0: entered promiscuous mode [ 225.919174][ T8271] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.938281][ T8271] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.956847][ T8271] bridge_slave_1: entered allmulticast mode [ 225.961822][ T5281] usb 2-1: string descriptor 0 read error: -71 [ 225.964468][ T8271] bridge_slave_1: entered promiscuous mode [ 225.994572][ T5281] usb 2-1: USB disconnect, device number 30 [ 226.022524][ T25] r8712u: register rtl8712_netdev_ops to netdev_ops [ 226.039806][ T25] usb 4-1: r8712u: USB_SPEED_HIGH with 6 endpoints [ 226.062475][ T25] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed [ 226.069436][ T25] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 226.077035][ T25] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 226.117955][ T25] r8712u: register rtl8712_netdev_ops to netdev_ops [ 226.124591][ T25] usb 4-1: r8712u: USB_SPEED_HIGH with 1 endpoints [ 226.150885][ T8271] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.163424][ T25] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed [ 226.171672][ T25] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 226.182653][ T8271] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.199930][ T25] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 226.232389][ T25] usb 4-1: USB disconnect, device number 34 [ 226.309231][ T63] hsr_slave_0: left promiscuous mode [ 226.319920][ T63] hsr_slave_1: left promiscuous mode [ 226.330165][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 226.344642][ T63] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 226.373058][ T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 226.373085][ T63] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 226.411563][ T63] veth1_macvtap: left promiscuous mode [ 226.437115][ T63] veth0_macvtap: left promiscuous mode [ 226.465577][ T63] veth1_vlan: left promiscuous mode [ 226.472213][ T63] veth0_vlan: left promiscuous mode [ 226.834887][ T8332] ALSA: seq fatal error: cannot create timer (-22) [ 226.926105][ T58] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 227.146051][ T58] usb 2-1: Using ep0 maxpacket: 32 [ 227.154399][ T58] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 227.174463][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 227.186226][ T58] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 227.205559][ T58] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 227.215739][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 227.235379][ T58] usb 2-1: config 0 descriptor?? [ 227.245180][ T8330] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 227.265050][ T58] hub 2-1:0.0: USB hub found [ 227.415879][ T54] Bluetooth: hci1: command tx timeout [ 227.527422][ T58] hub 2-1:0.0: 2 ports detected [ 227.720465][ T63] team0 (unregistering): Port device team_slave_1 removed [ 227.790571][ T63] team0 (unregistering): Port device team_slave_0 removed [ 228.425886][ T5274] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 228.603875][ T8271] team0: Port device team_slave_0 added [ 228.658436][ T8271] team0: Port device team_slave_1 added [ 228.666390][ T5274] usb 3-1: Using ep0 maxpacket: 32 [ 228.688929][ T5274] usb 3-1: config 0 has an invalid interface number: 111 but max is 1 [ 228.726498][ T5274] usb 3-1: config 0 has no interface number 1 [ 228.767315][ T5274] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 228.779641][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.788665][ T5274] usb 3-1: Product: syz [ 228.792918][ T5274] usb 3-1: Manufacturer: syz [ 228.798367][ T5274] usb 3-1: SerialNumber: syz [ 228.808017][ T5274] usb 3-1: config 0 descriptor?? [ 228.963521][ T8271] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 228.982283][ T8271] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.111155][ T5274] snd-usb-6fire 3-1:0.111: unable to receive device firmware state. [ 229.139118][ T8271] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 229.146114][ T5274] snd-usb-6fire 3-1:0.111: probe with driver snd-usb-6fire failed with error -71 [ 229.217109][ T5274] usb 3-1: USB disconnect, device number 32 [ 229.265134][ T8271] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 229.284755][ T8271] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 229.311011][ C0] vkms_vblank_simulate: vblank timer overrun [ 229.416931][ T8271] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 229.451076][ T8361] tipc: Started in network mode [ 229.458859][ T5272] usb 2-1: USB disconnect, device number 31 [ 229.464890][ T8361] tipc: Node identity 1, cluster identity 4711 [ 229.472620][ T8361] tipc: Node number set to 1 [ 229.480172][ T58] usb 2-1: Failed to suspend device, error -71 [ 229.485919][ T54] Bluetooth: hci1: command tx timeout [ 229.687741][ T8271] hsr_slave_0: entered promiscuous mode [ 229.715490][ T8271] hsr_slave_1: entered promiscuous mode [ 229.735738][ T8271] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 229.743922][ T8271] Cannot create hsr debugfs directory [ 229.966176][ T58] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 230.079674][ T8385] netlink: 12 bytes leftover after parsing attributes in process `syz.2.540'. [ 230.137200][ T8389] fuse: Bad value for 'group_id' [ 230.166935][ T58] usb 5-1: Using ep0 maxpacket: 16 [ 230.174844][ T29] audit: type=1326 audit(1723342102.993:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 230.187677][ T8389] fuse: Bad value for 'group_id' [ 230.230675][ T58] usb 5-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 230.231960][ T29] audit: type=1326 audit(1723342102.993:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 230.271728][ T29] audit: type=1326 audit(1723342102.993:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 230.279471][ T58] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.349518][ T29] audit: type=1326 audit(1723342102.993:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 230.371412][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.390202][ T29] audit: type=1326 audit(1723342102.993:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8386 comm="syz.3.542" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 230.430027][ T58] usb 5-1: Product: syz [ 230.460985][ T58] usb 5-1: Manufacturer: syz [ 230.506019][ T58] usb 5-1: SerialNumber: syz [ 230.536997][ T58] usb 5-1: config 0 descriptor?? [ 230.568193][ T58] usb 5-1: no audio or video endpoints found [ 230.584493][ T58] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 231.000464][ T8403] netlink: 4 bytes leftover after parsing attributes in process `syz.3.544'. [ 231.026763][ T8409] netlink: 24 bytes leftover after parsing attributes in process `syz.1.545'. [ 231.174210][ T8271] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 231.219576][ T8271] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 231.253084][ T8271] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 231.285041][ T8271] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 231.409817][ T941] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 231.568880][ T54] Bluetooth: hci1: command tx timeout [ 231.637806][ T941] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 231.652084][ T941] usb 3-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 231.686764][ T941] usb 3-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 231.698009][ T8271] 8021q: adding VLAN 0 to HW filter on device bond0 [ 231.718444][ T941] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 231.741174][ T941] usb 3-1: Product: syz [ 231.754515][ T941] usb 3-1: SerialNumber: syz [ 231.773921][ T941] rndis_host 3-1:7.0: skipping garbage [ 231.796698][ T8271] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.814143][ T941] usb 3-1: bad CDC descriptors [ 231.826938][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.834119][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.856608][ T941] option 3-1:7.0: GSM modem (1-port) converter detected [ 231.863668][ T5275] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 231.918382][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.925618][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.987282][ T8445] tipc: Started in network mode [ 232.010662][ T8445] tipc: Node identity 1, cluster identity 4711 [ 232.017811][ T8445] tipc: Node number set to 1 [ 232.061783][ T5275] usb 4-1: Using ep0 maxpacket: 32 [ 232.090403][ T5275] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.135886][ T5275] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 232.208534][ T5275] usb 4-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 232.245878][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.253924][ T5275] usb 4-1: Product: syz [ 232.278649][ T5281] usb 3-1: USB disconnect, device number 33 [ 232.298988][ T5275] usb 4-1: Manufacturer: syz [ 232.299094][ T5281] option 3-1:7.0: device disconnected [ 232.303613][ T5275] usb 4-1: SerialNumber: syz [ 232.324573][ T8271] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.333378][ T5275] usb 4-1: config 0 descriptor?? [ 232.538126][ T8271] veth0_vlan: entered promiscuous mode [ 232.610245][ T8271] veth1_vlan: entered promiscuous mode [ 232.625951][ T8440] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 232.645506][ T8440] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 232.799868][ T941] usb 4-1: USB disconnect, device number 35 [ 232.875010][ T8271] veth0_macvtap: entered promiscuous mode [ 232.938059][ T8271] veth1_macvtap: entered promiscuous mode [ 233.105555][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.162155][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.210319][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.227978][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.259900][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.275820][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.299991][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.335820][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.356000][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 233.375968][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.411768][ T8271] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 233.436256][ T5275] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 233.441604][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.506734][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.545942][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.552209][ T5272] usb 5-1: USB disconnect, device number 21 [ 233.602616][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.640695][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.653720][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.664490][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.675947][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.695490][ T8271] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 233.706984][ T8271] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 233.749011][ T8271] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 233.787934][ T8499] netlink: 28 bytes leftover after parsing attributes in process `syz.2.552'. [ 233.824254][ T8271] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.863489][ T8271] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.875974][ T941] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 233.904896][ T8271] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 233.920561][ T8271] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 234.086058][ T941] usb 4-1: Using ep0 maxpacket: 16 [ 234.100029][ T941] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 234.129962][ T941] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 234.151271][ T941] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 234.170864][ T941] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 234.196790][ T941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.207458][ T941] usb 4-1: Product: syz [ 234.211691][ T941] usb 4-1: Manufacturer: syz [ 234.216790][ T941] usb 4-1: SerialNumber: syz [ 234.270535][ T5275] usb 3-1: unable to get BOS descriptor or descriptor too short [ 234.287528][ T5275] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 234.306945][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.325197][ T5275] usb 3-1: can't read configurations, error -71 [ 234.352883][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.457068][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 234.491546][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 234.597010][ T8531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 234.619983][ T8531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 234.652754][ T8531] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.553'. [ 234.662483][ T8531] openvswitch: netlink: Unknown VXLAN extension attribute 0 [ 234.827113][ T941] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 234.852713][ T941] usb 4-1: 2:1 : sample bitwidth 254 in over sample bytes 0 [ 234.882764][ T941] usb 4-1: 2:1 : unsupported sample bitwidth 254 in 0 bytes [ 235.075909][ T941] usb 4-1: USB disconnect, device number 36 [ 235.381475][ T8550] tipc: Started in network mode [ 235.394564][ T8550] tipc: Node identity 1, cluster identity 4711 [ 235.405234][ T5335] udevd[5335]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.455024][ T8550] tipc: Node number set to 1 [ 235.661184][ T8555] netlink: 12 bytes leftover after parsing attributes in process `syz.4.556'. [ 235.676236][ T8555] netlink: 'syz.4.556': attribute type 30 has an invalid length. [ 235.835929][ T5274] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 235.887435][ T5275] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 236.035964][ T5274] usb 3-1: Using ep0 maxpacket: 32 [ 236.044575][ T5274] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 236.062408][ T5274] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 236.099314][ T5274] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 236.113113][ T5275] usb 4-1: config 9 has an invalid interface number: 123 but max is 0 [ 236.116219][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.135977][ T5275] usb 4-1: config 9 has an invalid interface number: 60 but max is 0 [ 236.145955][ T5274] usb 3-1: Product: syz [ 236.151901][ T5274] usb 3-1: Manufacturer: syz [ 236.161477][ T5274] usb 3-1: SerialNumber: syz [ 236.173254][ T5275] usb 4-1: config 9 has 2 interfaces, different from the descriptor's value: 1 [ 236.182545][ T941] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 236.189117][ T5274] usb 3-1: config 0 descriptor?? [ 236.195652][ T5275] usb 4-1: config 9 has no interface number 0 [ 236.212108][ T5275] usb 4-1: config 9 has no interface number 1 [ 236.236005][ T5275] usb 4-1: config 9 interface 123 altsetting 4 has an endpoint descriptor with address 0x13, changing to 0x3 [ 236.258878][ T5275] usb 4-1: config 9 interface 123 altsetting 4 bulk endpoint 0x3 has invalid maxpacket 1024 [ 236.292668][ T5275] usb 4-1: config 9 interface 123 altsetting 4 endpoint 0xC has invalid maxpacket 1040, setting to 64 [ 236.342725][ T5275] usb 4-1: config 9 interface 123 altsetting 4 has a duplicate endpoint with address 0xE, skipping [ 236.366184][ T941] usb 5-1: Using ep0 maxpacket: 16 [ 236.377377][ T941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 236.388661][ T5275] usb 4-1: config 9 interface 123 altsetting 4 has 4 endpoint descriptors, different from the interface descriptor's value: 13 [ 236.412222][ T941] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 236.429852][ T8558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 236.432526][ T5275] usb 4-1: too many endpoints for config 9 interface 60 altsetting 162: 35, using maximum allowed: 30 [ 236.457540][ T941] usb 5-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 236.466493][ T8558] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 236.481877][ T8558] FAULT_INJECTION: forcing a failure. [ 236.481877][ T8558] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 236.496868][ T941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.527193][ T5275] usb 4-1: config 9 interface 60 altsetting 162 endpoint 0x1 has invalid wMaxPacketSize 0 [ 236.537559][ T8558] CPU: 1 UID: 0 PID: 8558 Comm: syz.2.561 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 236.548180][ T8558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 236.555875][ T5275] usb 4-1: config 9 interface 60 altsetting 162 bulk endpoint 0xD has invalid maxpacket 64 [ 236.558237][ T8558] Call Trace: [ 236.558277][ T8558] [ 236.558286][ T8558] dump_stack_lvl+0x241/0x360 [ 236.558321][ T8558] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.558345][ T8558] ? __pfx__printk+0x10/0x10 [ 236.558370][ T8558] ? __pfx_lock_release+0x10/0x10 [ 236.558403][ T8558] should_fail_ex+0x3b0/0x4e0 [ 236.558428][ T8558] _copy_from_user+0x2f/0xe0 [ 236.558452][ T8558] pppoe_ioctl+0x375/0x5e0 [ 236.558478][ T8558] pppox_ioctl+0x1bb/0x300 [ 236.558503][ T8558] compat_sock_ioctl+0x18b/0xf20 [ 236.558534][ T8558] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 236.558563][ T8558] ? __fget_files+0x29/0x470 [ 236.558590][ T8558] ? __fget_files+0x3f6/0x470 [ 236.558619][ T8558] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 236.558645][ T8558] ? security_file_ioctl_compat+0x87/0xb0 [ 236.558669][ T8558] __se_compat_sys_ioctl+0x51c/0xca0 [ 236.558695][ T8558] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 236.558729][ T8558] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 236.558755][ T8558] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 236.558787][ T8558] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 236.558812][ T8558] ? lockdep_hardirqs_on+0x99/0x150 [ 236.558838][ T8558] __do_fast_syscall_32+0xb4/0x110 [ 236.558865][ T8558] ? exc_page_fault+0x590/0x8c0 [ 236.558892][ T8558] do_fast_syscall_32+0x34/0x80 [ 236.558918][ T8558] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 236.558941][ T8558] RIP: 0023:0xf7f57579 [ 236.558959][ T8558] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 236.558976][ T8558] RSP: 002b:00000000f570656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 236.558998][ T8558] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 000000004008b100 [ 236.559014][ T8558] RDX: 0000000020000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 236.559027][ T8558] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 236.559039][ T8558] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 236.559051][ T8558] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 236.559080][ T8558] [ 236.621339][ T5274] usb 3-1: USB disconnect, device number 36 [ 236.626855][ T941] usb 5-1: config 0 descriptor?? [ 236.685907][ T5281] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 236.702693][ T5275] usb 4-1: config 9 interface 60 altsetting 162 has a duplicate endpoint with address 0xE, skipping [ 236.832174][ T5275] usb 4-1: config 9 interface 60 altsetting 162 has a duplicate endpoint with address 0x1, skipping [ 236.843860][ T5275] usb 4-1: config 9 interface 60 altsetting 162 has a duplicate endpoint with address 0x2, skipping [ 236.857033][ T5275] usb 4-1: config 9 interface 60 altsetting 162 has an invalid descriptor for endpoint zero, skipping [ 236.871416][ T5275] usb 4-1: config 9 interface 60 altsetting 162 endpoint 0x8 has invalid maxpacket 1503, setting to 64 [ 236.882840][ T5275] usb 4-1: config 9 interface 60 altsetting 162 has 9 endpoint descriptors, different from the interface descriptor's value: 35 [ 236.901313][ T5275] usb 4-1: config 9 interface 123 has no altsetting 0 [ 236.901367][ T5275] usb 4-1: config 9 interface 60 has no altsetting 0 [ 236.904437][ T5275] usb 4-1: New USB device found, idVendor=04b4, idProduct=2102, bcdDevice=88.4e [ 236.904470][ T5275] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.904515][ T5275] usb 4-1: Product: syz [ 236.904532][ T5275] usb 4-1: Manufacturer: 䨹륢㧧Ϛ䍅郶礻䕎ꦪ왊霖଎㲜Ƃ폈굪뢚∗深ҥꊑ隬厍䃮뺬誁ܔ薾ၔ踘搊㋩뗿 [ 236.904553][ T5275] usb 4-1: SerialNumber: syz [ 236.917512][ T8560] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 236.966859][ T5281] usb 1-1: Using ep0 maxpacket: 32 [ 236.989185][ T5281] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 236.989226][ T5281] usb 1-1: can't read configurations, error -61 [ 237.135975][ T5281] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 237.144306][ T8560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 237.204804][ T8560] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 237.278878][ T5275] dvb-usb: found a 'DVBWorld DVB-S 2102 USB2.0' in cold state, will try to load a firmware [ 237.308904][ T5275] usb 4-1: Direct firmware load for dvb-usb-dw2102.fw failed with error -2 [ 237.331302][ T5275] usb 4-1: Falling back to sysfs fallback for: dvb-usb-dw2102.fw [ 237.376535][ T5281] usb 1-1: Using ep0 maxpacket: 32 [ 237.390456][ T5281] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 237.404009][ T5281] usb 1-1: can't read configurations, error -61 [ 237.404422][ T8617] netlink: 20 bytes leftover after parsing attributes in process `syz.2.573'. [ 237.411366][ T5281] usb usb1-port1: attempt power cycle [ 237.437378][ T941] hid-led 0003:1294:1320.0014: hidraw0: USB HID v0.00 Device [HID 1294:1320] on usb-dummy_hcd.4-1/input0 [ 237.454119][ T941] hid-led 0003:1294:1320.0014: Riso Kagaku Webmail Notifier initialized [ 237.709513][ T5274] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 237.860211][ T5281] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 237.899255][ T5281] usb 1-1: Using ep0 maxpacket: 32 [ 237.914118][ T5281] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 237.925906][ T5274] usb 3-1: Using ep0 maxpacket: 32 [ 237.943791][ T5281] usb 1-1: can't read configurations, error -61 [ 237.963964][ T5274] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.993132][ T5274] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 238.020454][ T5274] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2 [ 238.036072][ T5274] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.044721][ T5274] usb 3-1: Product: syz [ 238.066844][ T5274] usb 3-1: Manufacturer: syz [ 238.071730][ T5274] usb 3-1: SerialNumber: syz [ 238.083585][ T5274] usb 3-1: config 0 descriptor?? [ 238.126737][ T5281] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 238.165406][ T5281] usb 1-1: Using ep0 maxpacket: 32 [ 238.190927][ T5281] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 238.207872][ T5281] usb 1-1: can't read configurations, error -61 [ 238.220348][ T5281] usb usb1-port1: unable to enumerate USB device [ 238.330329][ T8617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.350174][ T8617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.370000][ T8617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 238.383547][ T8617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 238.430204][ T9] usb 3-1: USB disconnect, device number 37 [ 238.588503][ T8638] netlink: 24 bytes leftover after parsing attributes in process `syz.3.580'. [ 238.759253][ T9] usb 5-1: USB disconnect, device number 22 [ 238.796129][ T944] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 238.822236][ T944] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 238.853179][ T944] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 239.310181][ T8664] input: syz0 as /devices/virtual/input/input24 [ 239.345965][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 239.546357][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 239.549412][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.549449][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.549471][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 239.549513][ T9] usb 5-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00 [ 239.549538][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.555025][ T9] usb 5-1: config 0 descriptor?? [ 239.926130][ T944] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 239.990056][ T8686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.996541][ T9] wacom 0003:056A:0022.0015: item 0 2 0 11 parsing failed [ 240.004438][ T8686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 240.017007][ T9] wacom 0003:056A:0022.0015: parse failed [ 240.022936][ T9] wacom 0003:056A:0022.0015: probe with driver wacom failed with error -22 [ 240.085662][ T8688] ALSA: seq fatal error: cannot create timer (-22) [ 240.115865][ T944] usb 1-1: Using ep0 maxpacket: 32 [ 240.128291][ T944] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 64 [ 240.155947][ T944] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 959 [ 240.188354][ T944] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 240.210136][ T5281] usb 5-1: USB disconnect, device number 23 [ 240.210166][ T944] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.225535][ T944] usb 1-1: Product: syz [ 240.230159][ T944] usb 1-1: Manufacturer: syz [ 240.234787][ T944] usb 1-1: SerialNumber: syz [ 240.319644][ T8693] FAULT_INJECTION: forcing a failure. [ 240.319644][ T8693] name failslab, interval 1, probability 0, space 0, times 0 [ 240.374597][ T8693] CPU: 1 UID: 0 PID: 8693 Comm: syz.2.599 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 240.385248][ T8693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 240.395334][ T8693] Call Trace: [ 240.398634][ T8693] [ 240.401580][ T8693] dump_stack_lvl+0x241/0x360 [ 240.406315][ T8693] ? __pfx_dump_stack_lvl+0x10/0x10 [ 240.411545][ T8693] ? __pfx__printk+0x10/0x10 [ 240.416169][ T8693] ? __kmalloc_noprof+0xb0/0x400 [ 240.421132][ T8693] ? __pfx___might_resched+0x10/0x10 [ 240.426446][ T8693] should_fail_ex+0x3b0/0x4e0 [ 240.431148][ T8693] ? io_alloc_page_table+0x3b/0x120 [ 240.436370][ T8693] should_failslab+0xac/0x100 [ 240.441083][ T8693] ? io_alloc_page_table+0x3b/0x120 [ 240.446313][ T8693] __kmalloc_noprof+0xd8/0x400 [ 240.451107][ T8693] io_alloc_page_table+0x3b/0x120 [ 240.456168][ T8693] io_rsrc_data_alloc+0x9a/0x270 [ 240.461146][ T8693] io_sqe_buffers_register+0x1ca/0x700 [ 240.461218][ T944] cdc_ncm 1-1:1.0: bind() failure [ 240.466704][ T8693] ? __mutex_unlock_slowpath+0x21d/0x750 [ 240.466770][ T8693] ? __se_sys_io_uring_register+0x1b8/0x15d0 [ 240.466794][ T8693] ? __pfx_vfs_write+0x10/0x10 [ 240.466821][ T8693] ? __pfx_io_sqe_buffers_register+0x10/0x10 [ 240.466846][ T8693] ? __fget_files+0x29/0x470 [ 240.466875][ T8693] __se_sys_io_uring_register+0xb22/0x15d0 [ 240.466907][ T8693] ? __pfx___se_sys_io_uring_register+0x10/0x10 [ 240.466933][ T8693] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 240.511343][ T944] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 240.517447][ T8693] ? lockdep_hardirqs_on+0x99/0x150 [ 240.517485][ T8693] __do_fast_syscall_32+0xb4/0x110 [ 240.517513][ T8693] ? exc_page_fault+0x590/0x8c0 [ 240.517539][ T8693] do_fast_syscall_32+0x34/0x80 [ 240.517561][ T8693] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 240.517583][ T8693] RIP: 0023:0xf7f57579 [ 240.517599][ T8693] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 240.517615][ T8693] RSP: 002b:00000000f56e556c EFLAGS: 00000206 ORIG_RAX: 00000000000001ab [ 240.517636][ T8693] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 240.517650][ T8693] RDX: 00000000200002c0 RSI: 000000000000011a RDI: 0000000000000000 [ 240.517664][ T8693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 240.517676][ T8693] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 240.517687][ T8693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 240.517712][ T8693] [ 240.672962][ T944] cdc_ncm 1-1:1.1: bind() failure [ 240.752711][ T944] usb 1-1: USB disconnect, device number 32 [ 240.802820][ T8694] netlink: 12 bytes leftover after parsing attributes in process `syz.1.598'. [ 240.813701][ T8694] netlink: 'syz.1.598': attribute type 30 has an invalid length. [ 241.038230][ T8698] netlink: 201400 bytes leftover after parsing attributes in process `syz.4.601'. [ 241.054794][ T8698] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 241.076572][ T8698] openvswitch: netlink: Message has 8446 unknown bytes. [ 241.120245][ T29] audit: type=1326 audit(1723342113.943:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.141981][ C0] vkms_vblank_simulate: vblank timer overrun [ 241.164771][ T29] audit: type=1326 audit(1723342113.943:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.194280][ T29] audit: type=1326 audit(1723342113.973:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.220797][ T29] audit: type=1326 audit(1723342113.973:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.253651][ T29] audit: type=1326 audit(1723342113.973:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.294886][ T29] audit: type=1326 audit(1723342113.983:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.317149][ T29] audit: type=1326 audit(1723342113.983:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.325974][ T25] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 241.338975][ C0] vkms_vblank_simulate: vblank timer overrun [ 241.340705][ T29] audit: type=1326 audit(1723342113.983:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.375274][ C0] vkms_vblank_simulate: vblank timer overrun [ 241.401821][ T29] audit: type=1326 audit(1723342113.983:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.505906][ T29] audit: type=1326 audit(1723342113.983:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8697 comm="syz.4.601" exe="/root/syz-executor" sig=0 arch=40000003 syscall=248 compat=1 ip=0xf7fd6579 code=0x7ffc0000 [ 241.536085][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 241.543851][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.572141][ T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.606106][ T25] usb 2-1: New USB device found, idVendor=1294, idProduct=1320, bcdDevice= 0.00 [ 241.615194][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.636393][ T25] usb 2-1: config 0 descriptor?? [ 242.105084][ T25] hid-led 0003:1294:1320.0016: hidraw0: USB HID v0.00 Device [HID 1294:1320] on usb-dummy_hcd.1-1/input0 [ 242.138734][ T25] hid-led 0003:1294:1320.0016: Riso Kagaku Webmail Notifier initialized [ 242.215287][ T8723] syz.0.609 uses obsolete (PF_INET,SOCK_PACKET) [ 242.674935][ T8733] netlink: 4 bytes leftover after parsing attributes in process `syz.0.613'. [ 242.777431][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.890651][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.019006][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.143560][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 243.235178][ T8742] veth0_vlan: entered allmulticast mode [ 243.289491][ T5226] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 243.299983][ T5226] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 243.309928][ T5226] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 243.322599][ T5226] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 243.331336][ T5226] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 243.340968][ T5226] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 243.514949][ T12] bridge_slave_1: left allmulticast mode [ 243.531311][ T12] bridge_slave_1: left promiscuous mode [ 243.538630][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.555642][ T12] bridge_slave_0: left allmulticast mode [ 243.563444][ T12] bridge_slave_0: left promiscuous mode [ 243.573535][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.647016][ T941] usb 2-1: USB disconnect, device number 32 [ 243.679090][ T944] leds riso_kagaku0:blue: Setting an LED's brightness failed (-38) [ 243.700134][ T944] leds riso_kagaku0:green: Setting an LED's brightness failed (-38) [ 243.721188][ T944] leds riso_kagaku0:red: Setting an LED's brightness failed (-38) [ 243.885508][ T8759] FAULT_INJECTION: forcing a failure. [ 243.885508][ T8759] name failslab, interval 1, probability 0, space 0, times 0 [ 243.948921][ T8759] CPU: 1 UID: 0 PID: 8759 Comm: syz.4.620 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 243.957196][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802a235800: rx timeout, send abort [ 243.959548][ T8759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 243.959564][ T8759] Call Trace: [ 243.959573][ T8759] [ 243.959581][ T8759] dump_stack_lvl+0x241/0x360 [ 243.971910][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802a235800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 243.977864][ T8759] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.977903][ T8759] ? __pfx__printk+0x10/0x10 [ 243.977927][ T8759] ? __kmalloc_node_noprof+0xb7/0x440 [ 243.977947][ T8759] ? __pfx___might_resched+0x10/0x10 [ 243.977974][ T8759] should_fail_ex+0x3b0/0x4e0 [ 243.977996][ T8759] should_failslab+0xac/0x100 [ 244.032965][ T8759] __kmalloc_node_noprof+0xdf/0x440 [ 244.038176][ T8759] ? __kvmalloc_node_noprof+0x72/0x190 [ 244.043636][ T8759] __kvmalloc_node_noprof+0x72/0x190 [ 244.048913][ T8759] xt_alloc_table_info+0x3d/0xa0 [ 244.053843][ T8759] do_ip6t_set_ctl+0x9ab/0x1270 [ 244.058685][ T8759] ? __pfx___might_resched+0x10/0x10 [ 244.063957][ T8759] ? __pfx_do_ip6t_set_ctl+0x10/0x10 [ 244.069230][ T8759] ? __pfx_lock_release+0x10/0x10 [ 244.074277][ T8759] ? rcu_is_watching+0x15/0xb0 [ 244.079029][ T8759] ? trace_contention_end+0x3c/0x120 [ 244.084295][ T8759] ? __mutex_lock+0x2ef/0xd70 [ 244.088980][ T8759] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 244.094970][ T8759] ? __pfx_aa_sk_perm+0x10/0x10 [ 244.099817][ T8759] nf_setsockopt+0x295/0x2c0 [ 244.104432][ T8759] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 244.110317][ T8759] do_sock_setsockopt+0x3af/0x720 [ 244.115348][ T8759] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 244.120889][ T8759] ? __fget_files+0x3f6/0x470 [ 244.125574][ T8759] __sys_setsockopt+0x1ae/0x250 [ 244.130654][ T8759] __ia32_sys_setsockopt+0xb5/0xd0 [ 244.135766][ T8759] __do_fast_syscall_32+0xb4/0x110 [ 244.140893][ T8759] ? exc_page_fault+0x590/0x8c0 [ 244.145736][ T8759] do_fast_syscall_32+0x34/0x80 [ 244.150588][ T8759] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 244.156905][ T8759] RIP: 0023:0xf7fd6579 [ 244.160960][ T8759] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 244.180640][ T8759] RSP: 002b:00000000f578656c EFLAGS: 00000206 ORIG_RAX: 000000000000016e [ 244.189041][ T8759] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000029 [ 244.197000][ T8759] RDX: 0000000000000040 RSI: 0000000020000000 RDI: 0000000000000300 [ 244.204956][ T8759] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 244.212912][ T8759] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 244.220894][ T8759] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 244.228948][ T8759] [ 244.586336][ T944] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 244.765935][ T944] usb 2-1: device descriptor read/64, error -71 [ 244.963695][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 244.976037][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 244.991357][ T12] bond0 (unregistering): Released all slaves [ 245.015969][ T941] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 245.096231][ T944] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 245.217851][ T941] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 245.242086][ T941] usb 1-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 245.261204][ T941] usb 1-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 245.276436][ T944] usb 2-1: device descriptor read/64, error -71 [ 245.291505][ T941] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 245.304504][ T941] usb 1-1: Product: syz [ 245.317528][ T941] usb 1-1: SerialNumber: syz [ 245.367520][ T941] rndis_host 1-1:7.0: skipping garbage [ 245.392379][ T941] usb 1-1: bad CDC descriptors [ 245.398104][ T944] usb usb2-port1: attempt power cycle [ 245.406168][ T54] Bluetooth: hci4: command tx timeout [ 245.429756][ T941] option 1-1:7.0: GSM modem (1-port) converter detected [ 245.637133][ T8746] chnl_net:caif_netlink_parms(): no params data found [ 245.792972][ T8803] netlink: 24 bytes leftover after parsing attributes in process `syz.4.626'. [ 245.812593][ T5274] usb 1-1: USB disconnect, device number 33 [ 245.818459][ T944] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 245.828976][ T5274] option 1-1:7.0: device disconnected [ 245.896489][ T944] usb 2-1: device descriptor read/8, error -71 [ 245.946199][ T12] hsr_slave_0: left promiscuous mode [ 245.975486][ T12] hsr_slave_1: left promiscuous mode [ 246.005197][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.012931][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.021206][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.029321][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.063828][ T12] veth1_macvtap: left promiscuous mode [ 246.076336][ T12] veth0_macvtap: left promiscuous mode [ 246.085184][ T12] veth1_vlan: left promiscuous mode [ 246.095050][ T12] veth0_vlan: left promiscuous mode [ 246.168867][ T944] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 246.216605][ T944] usb 2-1: device descriptor read/8, error -71 [ 246.346645][ T944] usb usb2-port1: unable to enumerate USB device [ 246.743093][ T12] team0 (unregistering): Port device team_slave_1 removed [ 246.791030][ T12] team0 (unregistering): Port device team_slave_0 removed [ 247.192125][ T8825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.631'. [ 247.486235][ T54] Bluetooth: hci4: command tx timeout [ 247.826335][ T8746] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.833546][ T8746] bridge0: port 1(bridge_slave_0) entered disabled state [ 247.858907][ T8746] bridge_slave_0: entered allmulticast mode [ 247.878107][ T8746] bridge_slave_0: entered promiscuous mode [ 247.914782][ T8746] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.946166][ T8746] bridge0: port 2(bridge_slave_1) entered disabled state [ 247.953478][ T8746] bridge_slave_1: entered allmulticast mode [ 247.972286][ T8746] bridge_slave_1: entered promiscuous mode [ 248.240201][ T8746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 248.281487][ T8746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 248.393110][ T8865] netlink: 'syz.0.641': attribute type 33 has an invalid length. [ 248.402053][ T8865] netlink: 152 bytes leftover after parsing attributes in process `syz.0.641'. [ 248.429453][ T8746] team0: Port device team_slave_0 added [ 248.451321][ T8746] team0: Port device team_slave_1 added [ 248.456980][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888072d0f000: rx timeout, send abort [ 248.465735][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888072d0f000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 248.571905][ T8746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 248.600857][ T8746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.638449][ T8746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 248.672926][ T8746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 248.713960][ T8746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.747690][ T8746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 249.043843][ T8746] hsr_slave_0: entered promiscuous mode [ 249.062473][ T8746] hsr_slave_1: entered promiscuous mode [ 249.072305][ T8746] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 249.088275][ T8746] Cannot create hsr debugfs directory [ 249.565898][ T54] Bluetooth: hci4: command tx timeout [ 249.566917][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.912951][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.205392][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.481660][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.654906][ T5226] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 250.665364][ T5226] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 250.674655][ T5226] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 250.684654][ T5226] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 250.702086][ T5226] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 250.711687][ T5226] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 251.651739][ T54] Bluetooth: hci4: command tx timeout [ 251.697406][ T11] bridge_slave_1: left allmulticast mode [ 251.704969][ T11] bridge_slave_1: left promiscuous mode [ 251.722132][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.781847][ T11] bridge_slave_0: left allmulticast mode [ 251.794588][ T11] bridge_slave_0: left promiscuous mode [ 251.805567][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.771113][ T54] Bluetooth: hci5: command tx timeout [ 252.929840][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.954865][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 253.008192][ T11] bond0 (unregistering): Released all slaves [ 253.081033][ T8952] binder: 8951:8952 unknown command 0 [ 253.093474][ T8952] binder: 8951:8952 ioctl c0306201 20000080 returned -22 [ 253.192016][ T11] tipc: Left network mode [ 253.424615][ T8746] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 253.466820][ T8746] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 253.511048][ T8952] ------------[ cut here ]------------ [ 253.517099][ T8952] kernel BUG at drivers/android/binder.c:1173! [ 253.523315][ T8952] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI [ 253.530274][ T8952] CPU: 1 UID: 0 PID: 8952 Comm: syz.4.664 Not tainted 6.11.0-rc2-syzkaller-00239-g34ac1e82e5a7 #0 [ 253.540884][ T8952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 253.550954][ T8952] RIP: 0010:binder_inc_ref_for_node+0xdf7/0xe00 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 253.557231][ T8952] Code: c8 f8 e9 4e fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 59 fd ff ff 48 89 df e8 f4 c6 c8 f8 e9 4c fd ff ff e8 aa 80 61 f8 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 253.576856][ T8952] RSP: 0018:ffffc90009077448 EFLAGS: 00010283 [ 253.582951][ T8952] RAX: ffffffff8931f736 RBX: 0000000000000000 RCX: 0000000000040000 [ 253.590942][ T8952] RDX: ffffc90009899000 RSI: 000000000000093d RDI: 000000000000093e [ 253.598928][ T8952] RBP: ffff88807f90d020 R08: ffffffff8931f26b R09: 0000000000000000 [ 253.606931][ T8952] R10: ffff8880724dc130 R11: ffffed100e49b828 R12: 0000000000000000 [ 253.614921][ T8952] R13: dffffc0000000000 R14: ffff88801f781b28 R15: ffff88801f781b10 [ 253.622915][ T8952] FS: 0000000000000000(0000) GS:ffff8880b9300000(0063) knlGS:00000000f5786b40 [ 253.631878][ T8952] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 253.638482][ T8952] CR2: 0000000000000007 CR3: 000000006ccf0000 CR4: 00000000003506f0 [ 253.646480][ T8952] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 253.654474][ T8952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.662469][ T8952] Call Trace: [ 253.665764][ T8952] [ 253.668708][ T8952] ? __die_body+0x88/0xe0 [ 253.673039][ T8952] ? die+0xcf/0x110 [ 253.676846][ T8952] ? do_trap+0x15a/0x3a0 [ 253.681079][ T8952] ? binder_inc_ref_for_node+0xdf7/0xe00 [ 253.686794][ T8952] ? do_error_trap+0x1dc/0x2c0 [ 253.691547][ T8952] ? binder_inc_ref_for_node+0xdf7/0xe00 [ 253.697179][ T8952] ? __pfx_do_error_trap+0x10/0x10 [ 253.702287][ T8952] ? handle_invalid_op+0x34/0x40 [ 253.707316][ T8952] ? binder_inc_ref_for_node+0xdf7/0xe00 [ 253.712943][ T8952] ? exc_invalid_op+0x38/0x50 [ 253.717781][ T8952] ? asm_exc_invalid_op+0x1a/0x20 [ 253.722797][ T8952] ? binder_inc_ref_for_node+0x92b/0xe00 [ 253.728424][ T8952] ? binder_inc_ref_for_node+0xdf6/0xe00 [ 253.734062][ T8952] ? binder_inc_ref_for_node+0xdf7/0xe00 [ 253.739778][ T8952] ? binder_inc_ref_for_node+0xdf6/0xe00 [ 253.745449][ T8952] binder_ioctl_write_read+0xc7b/0x8d00 [ 253.751006][ T8952] ? __pfx_stack_trace_save+0x10/0x10 [ 253.756460][ T8952] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 253.762526][ T8952] ? __lock_acquire+0x137a/0x2040 [ 253.767554][ T8952] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.774059][ T8952] ? binder_get_thread+0x16e/0x6c0 [ 253.779164][ T8952] ? __pfx_lock_release+0x10/0x10 [ 253.784183][ T8952] ? do_raw_spin_unlock+0x13c/0x8b0 [ 253.789374][ T8952] ? _raw_spin_unlock+0x28/0x50 [ 253.794303][ T8952] ? binder_get_thread+0x178/0x6c0 [ 253.799411][ T8952] binder_ioctl+0x43d/0x1c70 [ 253.803996][ T8952] ? tomoyo_path_number_perm+0x71a/0x880 [ 253.809619][ T8952] ? __lock_acquire+0x137a/0x2040 [ 253.814639][ T8952] ? tomoyo_path_number_perm+0x208/0x880 [ 253.820261][ T8952] ? __pfx_binder_ioctl+0x10/0x10 [ 253.825296][ T8952] ? __fget_files+0x29/0x470 [ 253.829973][ T8952] ? __fget_files+0x3f6/0x470 [ 253.834643][ T8952] ? bpf_lsm_file_ioctl_compat+0x9/0x10 [ 253.840188][ T8952] ? security_file_ioctl_compat+0x87/0xb0 [ 253.845898][ T8952] __se_compat_sys_ioctl+0x51c/0xca0 [ 253.851180][ T8952] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 253.856982][ T8952] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 253.862958][ T8952] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 253.869294][ T8952] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 253.875880][ T8952] ? lockdep_hardirqs_on+0x99/0x150 [ 253.881156][ T8952] __do_fast_syscall_32+0xb4/0x110 [ 253.886276][ T8952] ? exc_page_fault+0x590/0x8c0 [ 253.891117][ T8952] do_fast_syscall_32+0x34/0x80 [ 253.895962][ T8952] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.902279][ T8952] RIP: 0023:0xf7fd6579 [ 253.906337][ T8952] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 253.925933][ T8952] RSP: 002b:00000000f578656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 253.934338][ T8952] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 253.942297][ T8952] RDX: 00000000200003c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 253.950253][ T8952] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 253.958243][ T8952] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 253.966234][ T8952] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.974241][ T8952] [ 253.977255][ T8952] Modules linked in: [ 253.982989][ T8952] ---[ end trace 0000000000000000 ]--- [ 253.990895][ T8952] RIP: 0010:binder_inc_ref_for_node+0xdf7/0xe00 [ 253.997234][ T8952] Code: c8 f8 e9 4e fd ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 59 fd ff ff 48 89 df e8 f4 c6 c8 f8 e9 4c fd ff ff e8 aa 80 61 f8 90 <0f> 0b 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 254.017042][ T8952] RSP: 0018:ffffc90009077448 EFLAGS: 00010283 [ 254.023247][ T8952] RAX: ffffffff8931f736 RBX: 0000000000000000 RCX: 0000000000040000 [ 254.031798][ T8952] RDX: ffffc90009899000 RSI: 000000000000093d RDI: 000000000000093e [ 254.040226][ T8952] RBP: ffff88807f90d020 R08: ffffffff8931f26b R09: 0000000000000000 [ 254.048409][ T8952] R10: ffff8880724dc130 R11: ffffed100e49b828 R12: 0000000000000000 [ 254.056621][ T8952] R13: dffffc0000000000 R14: ffff88801f781b28 R15: ffff88801f781b10 [ 254.064625][ T8952] FS: 0000000000000000(0000) GS:ffff8880b9300000(0063) knlGS:00000000f5786b40 [ 254.074114][ T8952] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 254.081181][ T8952] CR2: 0000000000000007 CR3: 000000006ccf0000 CR4: 00000000003506f0 [ 254.089254][ T8952] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 254.097298][ T8952] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 254.105361][ T8952] Kernel panic - not syncing: Fatal exception [ 254.111685][ T8952] Kernel Offset: disabled [ 254.116002][ T8952] Rebooting in 86400 seconds..