last executing test programs: 13.770324436s ago: executing program 2 (id=1831): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000900)={'bridge0\x00'}) 13.393943272s ago: executing program 2 (id=1835): r0 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip_tables_matches\x00') preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/242, 0xf2}], 0x1, 0x4, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01"], 0x0) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000006000000", @ANYRES32=r1, @ANYBLOB="0000000000400000000000000000000000000100", @ANYRES32=r1, @ANYBLOB="0000000000000000000001000000010000000000", @ANYRES32=r1, @ANYBLOB="0000000000f0ffffffffffff0010000000000000", @ANYRES32=r1, @ANYBLOB="00000000000000000000010000f0ffff00000000", @ANYRES32=r0, @ANYBLOB="00000000004000000000000000f0ffff00000000", @ANYRES32=r0, @ANYBLOB="00000000000000ded74486d2eefffffdffffe0000100eaff"]) r3 = syz_io_uring_setup(0x9cb, &(0x7f0000000400)={0x0, 0x3c1, 0x800, 0x0, 0x303, 0x0, r1}, &(0x7f0000000480), &(0x7f00000004c0)) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000005c0)={'erspan0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x11, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @multicast1, {[@ra={0x94, 0x4}, @cipso={0x86, 0x25, 0x0, [{0x0, 0x8, "533dbeccbc1f"}, {0x0, 0xf, "e39335900f115624170e15dad0"}, {0x0, 0x2}, {0x0, 0x6, "34a6caf5"}]}, @noop, @ra={0x94, 0x4, 0x1}]}}}}}) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000058000000030a09080000000000000000010000000900030073797a32000000002c0004800800024017bef2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c00028008000240000000030800034000000001080001400000000f08000240000000030800014000000009000000400000000f080001400000000214000000110001"], 0x128}}, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r5, 0x800c5011, &(0x7f0000000040)) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r5, 0x0) syz_clone(0x1100, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000000600)={0x101, 0xff, 0x9, 0x6, 0x2000200, 0x1000}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r7, &(0x7f0000000140)='T', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r7, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x0, 0x10, 0x4}, &(0x7f0000000080)=0x18) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000007c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="05000000000000000000010000000c00020000000000000000001400078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="c09be778167c56fb9ad51c056d021fd9577606c82f5b17994888e4e9a2d0d3b4b397c98bc64c0dd57b092d58b25e63a335ed496a8e1f9ff571df43812fef76f58bf76f9df8bac1bf9f8ffa52cd5518714a8b872aa59450aa64b1643b7359cdbdeea254edbad2a51028152951dcc32f08e6e09499d7d5fb75d4b489acadf0b45e9894928e283f710420dcde5f56822a965f76a065"], 0x34}}, 0x0) syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12017002000000b72312073f40000102c70b00002d00010138c0200904000601030105064921018000012224060905810340008306070905020310007f0001"], &(0x7f00000003c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x0, 0xd1, 0x2, 0x40, 0x7e}, 0x40, &(0x7f0000000280)={0x5, 0xf, 0x40, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x89, 0x4, 0x3f, 0x401, 0x36}, @ss_container_id={0x14, 0x10, 0x4, 0x7f, "89042ec390675ef9409c659b9aa56173"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x6, 0x0, 0x3, 0x907e}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x8, 0x3}, @wireless={0xb, 0x10, 0x1, 0x8, 0x2, 0xc0, 0x7, 0x895}]}, 0x2, [{0x20, &(0x7f00000002c0)=@string={0x20, 0x3, "2f8b629134e41ba55736933fde75a4add741356fbe07419ff709aa0fd0a6"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4}}]}) syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0) syz_usb_control_io(r2, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x5e65, &(0x7f0000000500)={0x0, 0x4a7, 0x4, 0x0, 0xde, 0x0, r3}) 9.18025957s ago: executing program 2 (id=1842): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305-generic\x00'}, 0x58) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000004c00)=[{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000000)="a9861869a75f66ef7d128ae4230965648a021cdf93508c9706dc1e4d9e1d4c436faf1d2786e53d4c8b827fc9174b67dab67acb28c76f6310145b3bfb0804675b44f3372615", 0x45}, {&(0x7f0000000240)="eeb9ff4efd6ce05a6ccd7c232e4442ec0660f89aeac6d45aea60e560bd9dd945dfc8e65ad2cf2e4d55fb59ee276f5e40e07f7b37b86e88c65190565d726b079d4043e88acbc549f5d3291ba8e35c906d22091ac5b87485aab22c1c9723fe9e1fdc8dd53b5e20ff5f2aa43f29cb053bba51958b69b6a5196c75f6c4c10e213afd12e617eceab1020c9c814d456046a1", 0x8f}, {&(0x7f0000001380)="5e4f1b8edaca0fbbb2d381bca66efabb97e5ec4f21ea39add4576b3f6cee354e296c63411644984be95ec4dfde61530d76d658d94819363012", 0x39}], 0x3}], 0x1, 0x0) recvmsg(r4, &(0x7f0000001e80)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000004dc0)=""/108, 0x6c}, {&(0x7f0000000080)=""/138, 0x8a}], 0x2}, 0x0) accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@RTM_NEWMDB={0x38, 0x54, 0x800, 0x0, 0x80009, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x0, {@ip4=@multicast1, 0x86dd}}}]}, 0x38}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x7a05, 0x1700) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x40}}, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000280)={@broadcast, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "dd690b", 0x48, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x8100, 0x0, 0x0, [0x0, 0x0]}}}}}}}, 0x0) 8.624423185s ago: executing program 1 (id=1846): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x0, 0x0, 'dh\x00', 0x0, 0x4, 0x40000000}, 0x2c) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x20000000, 0x3a, 0x2, @thr={0x0, 0x0}}) ioctl$FS_IOC_GETVERSION(r1, 0xc0105b08, &(0x7f0000000040)) 8.454972384s ago: executing program 2 (id=1848): r0 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip_tables_matches\x00') preadv(r1, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/242, 0xf2}], 0x1, 0x4, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="120101000000001058010001000000000001090224000100000020090400000103000000"], 0x0) ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000700)=ANY=[@ANYBLOB="0100000006000000", @ANYRES32=r1, @ANYBLOB="0000000000400000000000000000000000000100", @ANYRES32=r1, @ANYBLOB="0000000000000000000001000000010000000000", @ANYRES32=r1, @ANYBLOB="0000000000f0ffffffffffff0010000000000000", @ANYRES32=r1, @ANYBLOB="00000000000000000000010000f0ffff00000000", @ANYRES32=r0, @ANYBLOB="00000000004000000000000000f0ffff00000000", @ANYRES32=r0, @ANYBLOB="00000000000000ded74486d2eefffffdffffe0000100eaff"]) r3 = syz_io_uring_setup(0x9cb, &(0x7f0000000400)={0x0, 0x3c1, 0x800, 0x0, 0x303, 0x0, r1}, &(0x7f0000000480), &(0x7f00000004c0)) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000005c0)={'erspan0\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x11, 0x4, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @multicast1, {[@ra={0x94, 0x4}, @cipso={0x86, 0x25, 0x0, [{0x0, 0x8, "533dbeccbc1f"}, {0x0, 0xf, "e39335900f115624170e15dad0"}, {0x0, 0x2}, {0x0, 0x6, "34a6caf5"}]}, @noop, @ra={0x94, 0x4, 0x1}]}}}}}) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000058000000030a09080000000000000000010000000900030073797a32000000002c0004800800024017bef2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c0004804800018008000100666962003c00028008000240000000030800034000000001080001400000000f08000240000000030800014000000009000000400000000f080001400000000214000000110001"], 0x128}}, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_DSP_GETIPTR(r5, 0x800c5011, &(0x7f0000000040)) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r5, 0x0) syz_clone(0x1100, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000000600)={0x101, 0xff, 0x9, 0x6, 0x2000200, 0x1000}) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r7 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r7, &(0x7f0000000140)='T', 0x1, 0x0, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) shutdown(r7, 0x1) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000040)={0x0, 0x0, 0x10, 0x4}, &(0x7f0000000080)=0x18) r8 = syz_genetlink_get_family_id$nbd(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000007c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="05000000000000000000010000000c00020000000000000000001400078008000100", @ANYRES32, @ANYBLOB="08000100", @ANYRES32, @ANYBLOB="c09be778167c56fb9ad51c056d021fd9577606c82f5b17994888e4e9a2d0d3b4b397c98bc64c0dd57b092d58b25e63a335ed496a8e1f9ff571df43812fef76f58bf76f9df8bac1bf9f8ffa52cd5518714a8b872aa59450aa64b1643b7359cdbdeea254edbad2a51028152951dcc32f08e6e09499d7d5fb75d4b489acadf0b45e9894928e283f710420dcde5f56822a965f76a065"], 0x34}}, 0x0) syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="12017002000000b72312073f40000102c70b00002d00010138c0200904000601030105064921018000012224060905810340008306070905020310007f0001"], &(0x7f00000003c0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x0, 0xd1, 0x2, 0x40, 0x7e}, 0x40, &(0x7f0000000280)={0x5, 0xf, 0x40, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x89, 0x4, 0x3f, 0x401, 0x36}, @ss_container_id={0x14, 0x10, 0x4, 0x7f, "89042ec390675ef9409c659b9aa56173"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x6, 0x0, 0x3, 0x907e}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x8, 0x3}, @wireless={0xb, 0x10, 0x1, 0x8, 0x2, 0xc0, 0x7, 0x895}]}, 0x2, [{0x20, &(0x7f00000002c0)=@string={0x20, 0x3, "2f8b629134e41ba55736933fde75a4add741356fbe07419ff709aa0fd0a6"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4}}]}) syz_usb_connect$printer(0x6, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0) syz_usb_control_io(r2, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) io_uring_setup(0x5e65, &(0x7f0000000500)={0x0, 0x4a7, 0x4, 0x0, 0xde, 0x0, r3}) 8.288359026s ago: executing program 3 (id=1849): ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000100)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000280)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x5) ptrace$getregset(0x4204, 0x0, 0x6, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180), 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 8.237923296s ago: executing program 0 (id=1850): bpf$PROG_LOAD(0x5, 0x0, 0x0) inotify_init() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x9) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000180)={r0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000880)={0x0, 0x0}, &(0x7f0000000040)=0x1) quotactl_fd$Q_SETQUOTA(r1, 0x0, r3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x7, 0x200000, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000000000000000000008", @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$inet6(0xa, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) tee(0xffffffffffffffff, r5, 0x8, 0x8) write(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0xb) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r7 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r7, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1) 7.373991424s ago: executing program 3 (id=1852): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={r0, 0xe0, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, &(0x7f0000000300)=[0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0], 0x0, 0x97, &(0x7f0000000380)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f00000003c0), &(0x7f0000000400), 0x8, 0x24, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x3, 0x15, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000600000000000000ea000000182e0000", @ANYRES32, @ANYBLOB="00000000ffffff7f18580000060000000000000000000000da08f0fff0ffffff18110000", @ANYRES32, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000ac0000000000b7080000b48d00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000200000085000000820000009500e10000000000c091d27da53905804d1305a6c95957d4d996d047a59ee094fcf21855d38d24f593e448c1618c870be6ef4cc11ecfb6457c5cc22353fb0e24b33c2cfbf95b75c9"], &(0x7f0000000000)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, r0}, 0x90) socketpair(0x5, 0x800, 0x8, &(0x7f0000000240)) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000900)={'bridge0\x00'}) 7.182391305s ago: executing program 0 (id=1853): connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1e, 0x0, 0x0) recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'dummy0\x00'}) socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r4, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$igmp(0x2, 0x3, 0x2) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r5) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6d706f6c3d62696e642c6d6f64653d30303030303030303030303030303030303030303333362c687567653d6164766973652c6e725f626c6f636b733d652c6d706f6c3d7072656665723d72656c61746976653a34313a39323a310e2c6d6f64653d30313737373737373737373737373737373737373737372c7569643d", @ANYRESHEX, @ANYBLOB=',fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c6673757569643d30376465623239352d3800cc352d303934662d323466652d636161783366f8150385cd45dbb8a60233b6a0c7986b65622c7365636c6162656c2c7065726d69745f646972656374696f2c00"]) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000e00)={0x0, 0x0}, &(0x7f0000000e40)=0xc) mount$tmpfs(0x0, &(0x7f0000000d80)='./file0\x00', &(0x7f0000000dc0), 0x0, &(0x7f00000002c0)={[{@mode={'mode', 0x3d, 0x7}}, {@mpol={'mpol', 0x3d, {'interleave', '', @val={0x3a, [0x39, 0x3a, 0x2f]}}}}, {@uid={'uid', 0x3d, r7}}, {@huge_advise}], [{@func={'func', 0x3d, 'FILE_CHECK'}}]}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009", @ANYRES32], 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) 7.180634851s ago: executing program 3 (id=1855): syz_open_dev$dri(&(0x7f0000000000), 0x2d1, 0x0) syz_io_uring_setup(0x73fd, &(0x7f0000000200), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={0x34, 0x0, 0x2, 0x0, 0x0, 0x0, {}, [@CTA_EXPECT_MASK={0x4}, @CTA_EXPECT_TUPLE={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_EXPECT_MASTER={0x4}]}, 0x34}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000002a00090008000000090000000400002c08001700"], 0x1c}, 0x1, 0x3000000}, 0x0) 6.565811429s ago: executing program 1 (id=1856): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x8208204) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r1) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x20, r2, 0x309, 0x0, 0x0, {0x4}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}}, 0x0) 6.072351034s ago: executing program 3 (id=1857): bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000900)={'bridge0\x00'}) 5.806504675s ago: executing program 3 (id=1858): setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x5) ioctl$TCFLSH(r1, 0x8924, 0x0) r2 = creat(&(0x7f0000000180)='./file0\x00', 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@const={0x0, 0x0, 0x0, 0x9, 0x4}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @restrict={0x0, 0x0, 0x0, 0xb, 0x3}]}}, 0x0, 0x5a}, 0x20) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz0\x00', 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f00000000c0), 0x12) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000001c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x800}, &(0x7f0000000200)=0x8) openat$cgroup_int(r5, 0x0, 0x2, 0x0) mbind(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x6, 0x1f, 0x0) unshare(0x400) unshare(0x30000f00) r6 = syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0) r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) clock_adjtime(0x0, &(0x7f0000000000)={0x1ff, 0x8bcc0c0000000000, 0x0, 0x0, 0x0, 0x3}) syz_usb_control_io$hid(r7, 0x0, &(0x7f0000000100)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="00000100000004"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r7, 0x0, &(0x7f00000011c0)={0x84, &(0x7f0000000180)=ANY=[@ANYBLOB="00000d0000006a10a066b224df247f0030f3b3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$LOOP_CHANGE_FD(r6, 0x301, 0xffffffffffffffff) socket$kcm(0x2, 0x0, 0x106) 5.232435526s ago: executing program 4 (id=1860): pipe(&(0x7f0000000080)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)) socket$tipc(0x1e, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) ioctl$SNDCTL_TMR_TIMEBASE(0xffffffffffffffff, 0xc0045401, &(0x7f0000000040)) 5.035596418s ago: executing program 4 (id=1861): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x24048000, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x307f}, 0x48) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006604000008000300", @ANYRES32=r6, @ANYBLOB="0800b70004000000080026009409"], 0x4c}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="4200330000000000080300000001080211000000f80cdf28352000000000000000002d1a00000000000000000000000000000000004300000000000000000000040093000800cd"], 0x6c}}, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000200), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0) r11 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r11, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207b0af8ff00000000bd51000000000000070100000097f3410f4248bea80000371c03040000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000003e40)=""/222}, 0x90) listen(r3, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="058cb9abf70000", @ANYRES16=0x0, @ANYRES16=r3, @ANYBLOB="e70033005024e500080211000001ffffffffffff50505050505047000200000000000000080018000105826c180c36040600c03108bf07060205007107ffff0100000741dda1f2ddcffb69f79ad29beb592d407825849b6b89ede3d4f208b43673df836ba3ef05ec87ebb4485a9eba1bff5bf5589806e73d9e7f6065fdfe0f785c5c74"], 0x104}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000009000000070000000000000700000000002e305f2e00305f00"], &(0x7f0000000500)=""/172, 0x2d, 0xac, 0x0, 0xfffff8d5}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) r13 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNGETVNETHDRSZ(r13, 0x400454cb, &(0x7f0000000040)) ioctl$TUNSETPERSIST(r13, 0x400454cb, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r12, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) socket(0x0, 0x0, 0x0) 4.993432945s ago: executing program 1 (id=1862): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) readv(r1, &(0x7f0000000640)=[{0x0}, {0x0}], 0x2) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000340)) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r3}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, @dev}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', 0x0}) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000001c0000002000018008000100", @ANYRES32=r6, @ANYBLOB="c2e2ffffefff00"], 0x34}}, 0x0) 4.535730994s ago: executing program 0 (id=1863): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x24048000, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x307f}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="4200330000000000080300000001080211000000f80cdf28352000000000000000002d1a00000000000000000000000000000000004300000000000000000000040093000800cd"], 0x6c}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000200), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) r10 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r10, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207b0af8ff00000000bd51000000000000070100000097f3410f4248bea80000371c03040000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000003e40)=""/222}, 0x90) listen(r3, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000009000000070000000000000700000000002e305f2e00305f00"], &(0x7f0000000500)=""/172, 0x2d, 0xac, 0x0, 0xfffff8d5}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) r12 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNGETVNETHDRSZ(r12, 0x400454cb, &(0x7f0000000040)) ioctl$TUNSETPERSIST(r12, 0x400454cb, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) socket(0x0, 0x0, 0x0) 4.300268218s ago: executing program 4 (id=1864): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x1, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x1, './file1\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r6, 0x5522, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='contention_begin\x00'}, 0x10) ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x8108551b, &(0x7f00000006c0)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r5, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r5, 0x80045510, &(0x7f0000000000)) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1}, 0x90) socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000040)=@raw={'raw\x00', 0x4001, 0x3, 0x2b8, 0x180, 0x0, 0x148, 0x180, 0x148, 0x220, 0x240, 0x240, 0x220, 0x240, 0x7fffffe, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_to_batadv\x00', {}, {}, 0x11}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'vlan0\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@inet=@multiport={{0x50}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) poll(&(0x7f0000000380)=[{r0, 0x62a8}, {r0, 0x3401}, {r4, 0x42a2}, {r6, 0x1200}, {r4, 0x20}], 0x5, 0xca) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000001c0)=0x1b) r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r7, 0x40485404, &(0x7f0000000040)={{0x1, 0x0, 0x0, 0x0, 0x800}}) 4.020068134s ago: executing program 1 (id=1865): fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffeffff}) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140)) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="041817aaaaaaaaaa1004616cd69e8f8523cc489063e43cf5c28621c6033bc462f8c3bedc3a79008b291cc006b66efe"], 0x1a) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) unshare(0x22020400) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x8, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r2 = socket$vsock_stream(0x28, 0x1, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x9, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0x86, '\x00', @ptr}}) connect$vsock_stream(r2, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r4, 0x0, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r5, 0x107, 0xd, &(0x7f0000000440)=@req={0x1, 0x85, 0x7, 0xffffffff}, 0x10) sendmmsg$sock(r5, &(0x7f0000000500)=[{{&(0x7f0000000080)=@phonet={0x23, 0x0, 0x0, 0x6}, 0x80, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x30, 0x4, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast, @remote, {[@timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x0, [{@private=0xa010105}, {@multicast1}, {@remote}, {@dev, 0x659}, {@broadcast}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@local}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0xf, 0xdc, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r8, 0x0) r9 = dup(r7) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) 3.873086364s ago: executing program 0 (id=1866): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_submit(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) 2.944329642s ago: executing program 4 (id=1867): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) syz_open_dev$vim2m(&(0x7f0000000140), 0x10001, 0x2) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) openat$vim2m(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) 2.877659944s ago: executing program 2 (id=1868): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0) io_submit(0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x6a040000) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3) madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19) 1.978570464s ago: executing program 4 (id=1869): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r0 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r1 = socket(0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000540)=@HCI_EVENT_PKT={0x4, @hci_ev_link_key_req={{}, {@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}}}, 0x11) syz_emit_vhci(0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000580)={{{@in=@multicast2, @in=@initdev}}, {{@in6=@remote}, 0x0, @in=@remote}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)={0x168, r2, 0x300, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_REKEY_DATA={0xac, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x1}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7f9e8bc0f539cb4669bdb1f6d2d8811bf8d9f8abff4f167e"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0xff}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="6e327c461b8f48049c24e06a2cf126bf"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="490296d5d6918a0fc9c0d5931e6915ebc899faf41370298d"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="948b3e98c888c88a33cacd7b68dbe0a6"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="17a56e0c992d53414d26e00c043c09c7"}, @NL80211_REKEY_DATA_KEK={0x24, 0x1, @kek_ext="6ff889af5cf1ebe0d35a6817e13c3371fecdeb6d210a66b4bab53b8402d93f72"}]}, @NL80211_ATTR_REKEY_DATA={0x90, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x3}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="7c49c676f60a45115fabc997ef1ad52829c60eabf6c90676"}, @NL80211_REKEY_DATA_AKM={0x8}, @NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "2cc770c29543af7b"}, @NL80211_REKEY_DATA_KCK={0x1c, 0x2, @kck_ext="0bda7b3cbb263a028fefa1001c8df3a7726cbb5a28af73c8"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="f5686564ccc264316a137a5ecccb5793"}, @NL80211_REKEY_DATA_KCK={0x14, 0x2, @kck="b56ec4f57a02394dcb38ab7dc3e52ed5"}, @NL80211_REKEY_DATA_AKM={0x8, 0x4, 0x5}]}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "c385517e4fe5e826"}]}]}, 0x168}, 0x1, 0x0, 0x0, 0x28044040}, 0x80) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xfffffffffffffe4e}}, 0x4040001) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000300)=@ccm_128={{0x303}, "20f97783e0562618", "b86276618c28b4d8281dcb50d10935a8", "0600", "4c9561cf64252858"}, 0x28) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) keyctl$restrict_keyring(0x3, 0xfffffffffffffffb, 0x0, 0x0) 1.898528381s ago: executing program 1 (id=1870): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000210100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000208500000072000000850000000700000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='wlan0\x00', 0x10) sendmmsg$inet6(r0, &(0x7f0000005f40)=[{{&(0x7f00000002c0)={0xa, 0x4e23, 0x1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x5}, 0x1c, &(0x7f0000000840)=[{&(0x7f0000000300)="95a76b850b264df6c97cf77f901545e2a42392a265176d39506870f307978cb886648042c5dfb20058933bea26ee3176c9179154f5fc6c9f4b3d54cb08d5074b54", 0x41}, {&(0x7f0000000580)="6d925bde8a5699a65c5eefe108ec272f10a37cae2954fe5bd5a65260bee44588e8c7d2700007cb60940b2cbeaa21470ee0d00048e763b12f08a62a77de3a42f78ccfaaf6187111350c2afc54932f1d0f4f19bf9cad66883d5f8e49d40b2c320fe000b79d9d7c788419ff8b448ba8c956da4bc882cbaa7663059a5bd7b73a81c8f45036aa7258993acb599ca5d9bd6b902684d240390fc5639bf9d0246e9d9aa741a47f535737fdc22ac40a5272ce66a0fcea3b5c5eb12402588c81606142262ec3086bab54a13881b6aabbe3eccd7536b3d1143683ec8a23d1ab355720fa44a4e4845843ad", 0xe5}, {&(0x7f0000000440)="871045d7c9d3164a15e0c9be843dc4f5eb0fdf75f12336ca3b5ff8444aa3080c5e9ef624b3ee6f3c398396def972c5495563396865a18f9caa6b2ee37c593f6afb663409efd36c424641856913156414689745d3bc53f115b3b6551bd4120ee6c33c0274426d", 0x66}, {&(0x7f0000000680)="e2430604d593b0c925281a3562f673c390fc66a6e59f0c386b212a25e0a941019d3b47383142a3f3870b051ea61fa65e679c5c53bbf35ae44ecda67f938f5c50d0c5c67104bd219a8df7dced4e18322e5bd28ef530c92634f0261d54410ae36c3ab6cf0746f22e3170acd6fcc309dcaac9cb78ee95e0e8ad1ab709e622323d887437b5ee2cae29c8bef8c80afa3bcb97e6cf3232cd4a5ad97e52a53672808585a313b281f8ea3416746cc36fd154158503866d1693be7e21c5f274b0ad0b39aa1dff5a3c1e9f485039e08bcb1f747a62877a5f5bf1f1555e9a46de8cf743f4b317a57f4ced4d4701881ebb6d70153121f842defd4f008b02990e", 0xfa}, {&(0x7f00000007c0)="a8e7111f56a15928dd16bbcb8856fb4b5302cb55c0ce5d9e7cef0fb80730065c9107173f3e26bba54074b38bccdf0f6b699208d30d3b4f0391d7af2045b52665b4ff775faf83bf04ebfb000fc5", 0x4d}], 0x5, &(0x7f0000000380)}}, {{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f00000008c0)="378239ca4b97e18b0c0a5d684beef780f47e6d29b57dc531498651eae424d8544c7fcb0b2ebdb5377ec61ae427734b972365f8e58309f16e4468ea268dbe1faa0d876779826463d286768a615069260941f830e554aaa3c042d11ac22905f76ae97fba15f921c7df91d57151ffc060e41e3b95170ba32653b7d6dbcf4216c953fc759f56f30c1dcc584155284c77bdfd4be614c30194f167d9d09c28780b5a52443453d4574760e78e84ba2b12ebb7c61cc145eb9ae20eff322118e3460a64a14461343cb5b1ef3c456b878d866234b94022e7d15349216dd295f83b7246", 0xde}, {&(0x7f00000009c0)="fa0f3cdae794bbb37badafd38d3d2150b417f96ef4f30209187a67b6cc7b8395cdeaae380283071976fa85fe6f01cbb4ca3303f074b117ed027e21f847559e65938ba694d6a8eb12f2c852881f6c10858e22be9239c2d3de9e6d784bc3cf9f5316bfdd3451b07102d3c43af6538590aecba801067a4150209ea8b9bd23f71c39", 0x80}, {&(0x7f0000000a40)="d67ac7f7024db486fde0d4feb1dbadec86a5f7c4a29bb21c1acb394e79ff234331c2ac0c76e91364447acbb780aa9e6814ebd427c7930ced0f1ba9f0ca9640ee42543928da595522cb8cbddc4b2f696949c30bcfb8e399402e9858cd59da3f66b18d56beac", 0x65}, {&(0x7f0000000ac0)}, {&(0x7f0000000b00)="a0c0e4aa8575963cba5bbae5ea1400c190ab3178466c9928ae64168aac5317c56fa8cd4111c4f9a3012cc8adcfa7156b3a70513f1a937d02de4fb1ff8b870d6ed5ac73e4a579c0587f526d79c6dbbe3d5f6930ba42bbf8a5b8737f0a9660376e1044a508", 0x64}, {&(0x7f0000000b80)="b6b8567b84d026965abc131665d1ded8efe938939ee4d8fb468ea33e12bfedf9fd92328deff035bd32bd13e895f498e8054d5b7e06f3a7b5a3ec9ba734d5e39bac117e533899abd535207e7ce7dbaa3bdd758abc80da8f66635cb472e5a74d23", 0x60}, {&(0x7f0000000c00)="610fa1236324d93ee72421cd77be5a9d52f55c563624ebe9fb7c9498e5157cf9f41c7f27c3f7a75b0644638a10a39ca52a3499008f7c7708eff24b0ad7e10d94880d9dd9ca9a6016603a9d91926395fcb1e23261d2fd0d76bff57adb5d00017e013e03b7ae6a0aa4fba2995925e13185e7f4bfba", 0x74}, {&(0x7f0000000c80)="fbb63cdafca27c350068954695ecaeb237e1af9a5668fd9eeadafb00280f787d8251010d8cdd65774e6cbb7cdc84f2ee0a53e2e326c61c6933032b585e63b8ab702a10d4c6d2daf801b3fa54b1547fdc5c8dec4ac2710116082d12ed603788e68846eb85684afff350d99fff3afc540980264ec8ac8b86bf0346a6c0b818e5baafa13a7a146c0e", 0x87}], 0x8, &(0x7f0000000dc0)=[@flowinfo={{0x14, 0x29, 0xb, 0x81}}, @dontfrag={{0x14, 0x29, 0x3e, 0x5}}, @rthdr={{0x38, 0x29, 0x39, {0x11, 0x4, 0x1, 0x4, 0x0, [@rand_addr=' \x01\x00', @loopback]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x4}}], 0x80}}, {{0x0, 0x0, &(0x7f0000000f00)=[{&(0x7f0000000e40)="0f60dd17c9ae7b1960fbc1a88309f3ca0882d5453857474e6539def6772c33240db7e357f7a8ec5117a5811a0bb4c84f8966b92a29089ff24d0bc3c8a3b6ae37ce1586da5bd4230a90758ab5390e65eb5d64", 0x52}, {&(0x7f0000000ec0)="1f272357132c36623b1ded67536128735c2b968c", 0x14}], 0x2, &(0x7f0000002040)=[@dstopts_2292={{0xc8, 0x29, 0x4, {0x87, 0x15, '\x00', [@pad1, @generic={0xf0, 0x98, "6da6b48bca8ed9180e94a2f39abb4c65a7dcc9c74832e0d3d26dca9d29fcb045a451c9b12aa9013f82621f292b504032660b1bf0548482f4edab9e96f2174289a77e0d0372725a6f0036a80c98ae88647f296243dc3a8817cc5612d5f9d1157319530356474eb1dc0ec7e4eda8f585333d12f58fc7c0b42ad1c3276507bb39db8113a15c235cff38b368233aee062bdd43edbb715b6b0147"}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00'}]}}}, @pktinfo={{0x24, 0x29, 0x32, {@mcast1}}}, @dstopts={{0x60, 0x29, 0x37, {0x2, 0x8, '\x00', [@hao={0xc9, 0x10, @empty}, @generic={0xf9, 0x2f, "d595c747c0567d1f65f52872f6acc31f4b471ce3917fce77544acd871de6bc7d71f0fc00019ac548b928b2d48b3425"}]}}}, @rthdrdstopts={{0xd8, 0x29, 0x37, {0x87, 0x17, '\x00', [@pad1, @generic={0x7, 0xa3, "cfd27ff8b79428200a3b0226e2fef715e3a57573cba7b50acbccdcd0bcfeac98965de5beccbefa4d3026a08e314a5299df398b4146cefeb2923e48d46e11d2600cffdb89cf08b9da2e7f821dfd231c1844194f1585e38551df2dd74c84289717eb916b8a4645cb77e065e075300fbe4523e2ea39ec2dfc57fa49068d6246c14935e2d0f5af130c98f5d3a28a084c0eed4da7bf43cb1295acfdfbff73b0bc2cbb1454f4"}, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x5}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x4}, @enc_lim={0x4, 0x1, 0x3}]}}}, @dstopts={{0x1068, 0x29, 0x37, {0x87, 0x209, '\x00', [@padn, @generic={0x6, 0x1000, "726d91540c3fb8a90f22a7ea5a71a48f26b99b89d2e5447bd1edb523725aa7f9fb5b2e4991b4468f30a0efb0487972d14539f10c971e6190ca0361597994dea8a0589e9ed211a9e34166579721085e70bf5228a92d5031a6c69acc91dc4388518210dfefd66c4547b4e5a6fc494223c1580f6d5849f7a15d80b5d5fc26f294a7f7710ebed5d4cffb80694273240c1df36111aaf38f83079d47cc13dc87f6c911ae132bf83c6bee78c35363513848530d8efd58b3384e40ce38baf669863c029e58a55939cb69ad8c72118a6848db109f68901be9c04e299e3e2530d74f3d51ce8508076cfc351cbd54db4379d41dec1351b5fdb9df191214cd22e1547838fd605af0bd33464bb42363748e39f789c10ea33222bb26d0661eb0cb5b826c6d1300b382b9d43d3b097f69d718926760151855675d7670804a63cf540bd44d4d5f6a3048f123e34ce7f723335f35dac1d28700595ee8ad874d28a343962d2ce9501ec73c718e9f55c2275289ba18d8f8261ad15187333aa4f4622d716317ec4542255b1d582680fccb2d92a50a5c23eb3bf59ea8f208c336fb2a9e4f3cc16bdba146136c4cad1a7281feb32a718850529e7e1b7ae007c8f96a9a115ab1491004064e5bbf24f8426998926717f381aacd0a0050ebe4a10e3a7a80ec7f1166f218e4c979960f9e07be7246b7823e80ecd421d6206436dfb8805eb3d5406cae041a62b88b311bde2f0f28d05af105cb8d6566f9b85539c4c1a992756c98565e2ea69ccda79906c5462e1c750bfe721bc5387fa8adb07eb847eef8353a7e2c0c1c37d4908df7791f76b0559a2fb0b3f1ce58610076888075f21807660029edd500599e45f492ae6b2766315d4a4a2ef09fd07876d863c64374e4d1941508ad2c737ff22175009a19e8813324031c21ab915f16885e4d29f045e28c9630f3ff84f00193dc4d3d46c41a6d193c91f6e65ecac94c60983c167afd4b1847997fbb4dcbd8a4208efb69b7740d401f80b756fa8c34c55e5ec8176df0e4c718473d131a743f7501715fa9ba75de35faea2ff235720f0b46db248a9f210e5bb912ca5fc577b5e6cfea4b5c724aa7f922063892a5f65828f0b6e3e5532d6fdd608b515a8b078f03be9f118f052d6f350487f7019f3a3f46045ec383c61470cd5b9a3cd5c259160605b0b41d7aed63ab4d107df80029094a25458bb1593889c422bd10052c29cbb8bcf034bcc7c0a63c6adb8e62e55ec2674278174ed43b8e84e128a6cc9a5db2d12cf99137037f7d633b6b2d9a158c89984789d3760b9a32e403790ef16ff9f0ca47d150700d3c2cdaafca9028d946c3889436ac26f44c6895bd7f272413471ae8139d09cbb6cfc0736bd153989446f2f37572162ea45b69706d90e3cf433fcf59217cb7ef976abc1159be52993605b03513aa63676cf07009d44926f05e1114551fb328d1a411a30d0ee38452af1815330249ca53256bb5410a7cb882a2a9fda684afdadb27bdc60245777fd20559129053a984b29d3fa7ef2284985df3b71e09c09b6e618a8486b684ded9bcc1977aed2769e693d6fb4c16808e7d2cfc1b8cc1d557606ae169615a1f14c2dc92928fc571122af87e70531ca80231ed918cfb8f0fdb7edd9503580490df9bc192d2dd5b7edc78497ef277b39db99739b74c6119253f02f2ecbbefcd14b32dffbfc75bf140cf51c562264392dad9b8662932e4087d27e4184e5a7dc5df07ad18c3e3c091c076644d3f9aa05488737e800b13391469750d3016258f8d738ab18f60a35657b76ea6a7347af652424dbed68a38998d8350f12881d90aad9acb3084ba275e74ed5bc9a2cff029eba68e9fd11d88bc36c2fdb381c832abd4c2c2d3b20ed76f5b054dc748cc0b85df49828b994745ce1402b2523e287c75a2da5177ced002c365e4e5260d8399e040c84e3d9f33777d4ad873c659de7df56e1db920222354437c77b93db4975046c1e5706e4ee422954e6482a12f26eea658a3a004d127d1d200eed25e44f105d0b39fccb55d1ba9d9e20c33faf337e29dc5c31bb29863c197875fb1f15b2b7680118a24b859298b8018e2758c19860962ad6d693b9dc5ec9a26809575b853dcdf5eed85d4487576b4ec8a52ad68cdbdfddcbfb60e940d94ab819d3cec18ca490a9206827c2089516d9d2807deb3e46054a61dd276971c4dc12dc32f76e574e96ec82dc2ef43ccd5107112f7277f728f6494bcfa263318107b32a8d92b57dd31a31964a69117f2dd3090d8bc3c5fb2881ddf9e9b1cc29ef77ae2be661abf2f99854aec0041d5e0e458e2180db6cb1e26a6ee244ca1ecb749ab7f94a2c6ebc594bfffebd53bc3cc20fbc82c529564725e538c39644374a7f7b3e9f8e8353f6fceddc8dc3bfdf78946da939c5c34e9c978bb5591788976f49696004cf3c7d0ee83f91e534147aeb3ef826ddebf1bd2c48dd09f264d014becb950f12a0d6e0a8ad9250bb09f56cd2ac07baa02fe720bbcace16f3e8847661b53d133c9029c2c5a44709b9557efc6e06eaed1c09f2fd9d4b9161e4634813be8e543ad6d7acd41d927f32e7fd539a0ca01563e55a848c440f2af4ecfdadab2278c66d0e87645661a13e3ec083b7a32475124e4a8b509427c6cbf17a41635f2ba4835e8ff7e6371d9a9da5f2c5c72a6fa3885fd33af8e9b9839461f151c85fcfd3e59453ee2b086bc48114d7cc41ebf7574806d7c47248f1e706881c1bf884a9a3b7c0115f49a6170f73d9c0fc5fd8ab9760bb59b4b265ebbe470b81a530acefa4cabbf78c369b782aab884a4cf18bded71e06e74134ca54ee3f216d874646b03f76cfa261b74b3230b4fb50f959be66e8107b474cb3c94f83032c9abb4717d9efdc16a7c604363108c5f803cf3e5620ff436de66c3f5d30ef80a34b648ef528778f50d82b2fb5b4f54cba143ff8eabc668fd2623fa94544b3bd56198bb73fe8c6427d7d4ca609ca120509cd3a4235028dc78f12295de122418efa2a316cf88c7f3d2c12194ced38c86fec6992037bf4427e65ef0dd3147d12d4ff732a3f48ff4bc66482daa950385070173e2046052d10daf6b3d6561221520ddce47a3f736cff0a62947a89e01c1c28acd2752d67a27cbcc54bd52534de98dd6db382c879c823358c91bb60a55f7402e5cb95c29eab3522fc3cc2f8e88de2998ddd145bccf0698f074113bfe11390ee3ddec1437308cffbf994dbb80e6117698891a520943dd216a009da90aab62d6f90e04a9acfac379905ec6b14a0ddccce2f1f9c56adaf8a6f582d12d94e45708165d76fef7a3420ae5d4cd9d85c0e81ff3f1ee444a7a64165a273391041e2e71468600ee889dbf080e29d646d51d48838f8f251b0b3ea3fa0f42f3bec2385694b385fa92dcb0f676c49361506da28da2a444fa1b5b20a487d553d9bd1f0a6fc55ccfcd6b44be904bfabbf0756ed6f53455d14ebcb687de38de97e182cc7c35f80de509c2d63f88f3d54edf50eb1b6d81d92ee35d4591c35cb3cbd221c32cf6c4ed0338abd382d407318b79aa51a38f3e6043793f5826280c986ea57cb54ad0f07615a1f005314387066dbb35ca1d82a28fa49c755ed26c0800d58de81df0dd4f13a84e18ddc3b9e8d7064bc308c590d38f13620f77a6476f3808213069cdb7945186c11182574bd91569951ed3e2c8491eefd1da6afa9aae050cf04151a8cc37d503868a2ab9fb6ccbcff27025fd4f603af13b716c279b80728b8a1aaae6aaa803cc830b7e1a32d9d87505e992d13060c96acde9e56429ec8346455dabbcf75843e74388c72288a1aef84d6d126a464526f48a4069d023b723cf86511110f646d12976720cdf635729012dbf94f094249bb0fbd94a9e325bb5f6e2ad2477a16c47734f1b1c89b9a9bba3a90469955a46bc1fa62c3ac83e3b505e350fadd7aa91b24248d9912a34d877d5d4079eca6aadbebeb99927d421e9b04d155a378cdf0d6fb7f773f0869d385dbe27e035067eb32b4cd4d5b55ff611b2f2bc5519ff05bf30486f8cf92af977320438b0b947f6507122cc7de089f03c4d27a494300df0ab260b03090af6fa5a4752c87027631f65c0ef568fcd08db656c6878fd1c88d4496f3f9be76c30a02bdf393dd52786b28c99fc92ede577c1285caaa399cee9d947be3f69c48c276e0fc151e4ca1d93dceb49322c8e022b39e3c9e289528c40db8ccb27e313dd28d932e1f9155c6f599386d5f74481b0b0da72991cbff0f8eb8548aa9542d88a4114f6ee16465050b11946b1428fab3bc1118efd9460c90ed95ab715898beaeaca1339f641d3a4e6a20cff6301feff606f62126f5957a084d4c37893c8808fd8afc8f7388f9e0075a40db93c53153c05b3e3500430dfeb0d2cca6bb663f7a7588a67289c2c9d0ef9a93e6603a987c8b2213791e5d880edfa8a386d651312d1ae2410f6a9095d6fb1b3af8050c38062dc76fffa2fd43ae56105b3320d0e07335286f0b26bb72c81c2ac5c635dd14e128eb39fd8340069a6a2df1b03135a0d15453150d791f1c8767c9633f8369019d3bf27d5731bb1923673eacbb1eed0bc5748fe9704b2bc52af50dba1167e07994f3b78a94bbe6c13c042190197535902c39ce38ab2e89f0652c1284b4eb3777f283cb32e983d3473f20c470a5d2ef4cb56cdc463bf874b017333551f81ac9fc9f4bb0e8236087c93e5b4dde9dd28d9730bdfc3c78b139d18eb9118f95e288ea1cb2e0a0a7ded1a3dc3771711542c8b6e32c5be5d9ef3ae3449806872868b5d90316f96c5b786d13b4ae5a33bf1a84b8218f2e6faae67bae01fb86538f62b1fac39a6d00ec144be6394fb91c01f38483770e97aaf5cb856b570ecdfb8de7ee1e4bc924997a3a5280d4580c86c8cabcd5d473d882bd2dd6cb023ee992f8d26dfd8ee9e356d9eff3686f8846c425a033a9a23cab9811dc6e421ba99934f8ba0455f895f2363046c2bb96f37252510551aef057fdba48885fb413b47f5a59b94e546e83a5e0be65d8b38d43c9a6f0a8d1c3c0c50aac2efe922ff9186e933538f5a83cd8106a82ca1119d8db30fe2eba890b3a71d954064301ed8023f4864bfd56d5b24bbb93661a8d38d10d61661a3f46b662b0c4201f994346a8d74915dc297bb36aaf3d64d5a3254774323db20881016487bfc83cfbbf85a7521edf2a39ff3a64ae28854f96a07be5b64f47bddcbbfacaf84e96ec74650e3bfd838084afc734d843c24cccbb48c9841c39cb74b6f4276893c46f97134cf423606efbf2e6f3533951069741a11aa5e5aabad260795a039b18713af2c17a85ca637ab34ed921d849d769ac9b3b0f100ca82bf4cc55c9aa878b20f50d5cfbb98ac7c1c948882e2a32d7eb91fb4d989efa2e41b62f9b9f6a2fa8b1a8b359dd82502b56b6f92a69aa6f0fb33261edea07b59727b519a22234cb1cbcb190a5ae8f4c0ee69542560f242dfee20c7e1fed044de1b1b40e0b718d830f708456c1f00ae254e392265141b7493a2df3ada3f2d082677d57fee8bb66212036e5696d4a534c8ab98425ccc28d90b03897fbad8388b3f2affd7d0cc7966b129a64fdf0c0720aaec7dedda05596177dd8ff3ecb5608da636ef4a5d7787e27f4afa816abf63c0e2c22c0f3dd6ccd3a8f9d30bb1f8050b8d1caa2ab0d7bab74b87f7642381cb8b7d1210e51d33b54c725757217071d50bf0a1c86c5325da54f586f14a256c07a771b662782b443e7f640bfca7f37bf8c9de2d458820344f40eb6a06e4f191463a12907e4bf02098ce9099c1872a35d45e1e8721adc996e134cabab4b443e4c2c236"}, @padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x2}, @calipso={0x7, 0x38, {0x1, 0xc, 0x2, 0x5, [0xfffffffffffffff9, 0xd611, 0x3, 0x8, 0x0, 0xffffffffffffffca]}}, @pad1, @enc_lim={0x4, 0x1, 0xfe}]}}}, @hopopts={{0xa0, 0x29, 0x36, {0xf0, 0x11, '\x00', [@ra={0x5, 0x2, 0x7}, @calipso={0x7, 0x48, {0x0, 0x10, 0x7f, 0x400, [0x2, 0x1ff, 0xbff, 0x8, 0x4328, 0xb24, 0x0, 0x7fffffff]}}, @calipso={0x7, 0x38, {0x1, 0xc, 0xb, 0x3, [0x7, 0x3, 0xd3b6, 0x68, 0xffff, 0x10000]}}]}}}], 0x1330}}, {{&(0x7f0000000f80)={0xa, 0x4e22, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0xffff}, 0x1c, &(0x7f0000001180)=[{&(0x7f0000000fc0)="df20f69cf0a0e5bfb785e190594a55a348ee9ed2917a96cabb0e3fe71b7fab6583686435e58c45f63fcb2878e3e036e561c4ffd910321f808c9c11471ea75f017f7e9ed9559cf69b880b7ad21697eadbf78bb105ef", 0x55}, {&(0x7f0000001040)}, {&(0x7f0000001140)="acd161870a1266e6", 0x8}], 0x3, &(0x7f00000011c0)=[@dstopts_2292={{0x58, 0x29, 0x4, {0x29, 0x7, '\x00', [@ra={0x5, 0x2, 0x5}, @ra={0x5, 0x2, 0x6}, @hao={0xc9, 0x10, @private2}, @jumbo={0xc2, 0x4, 0x7}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @empty}]}}}, @hopopts={{0x1e0, 0x29, 0x36, {0x2c, 0x38, '\x00', [@jumbo={0xc2, 0x4, 0x97}, @calipso={0x7, 0x30, {0x3, 0xa, 0x8, 0x744, [0x7, 0x8, 0x6, 0x101, 0x7]}}, @hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @ra={0x5, 0x2, 0x8}, @jumbo={0xc2, 0x4, 0x800}, @calipso={0x7, 0x38, {0x2, 0xc, 0x8, 0x0, [0x800, 0x2, 0x3, 0x2, 0x1, 0x8]}}, @calipso={0x7, 0x58, {0x2, 0x14, 0x0, 0x5, [0x40, 0x3cdf10c7, 0x4, 0x4, 0x8000000000000001, 0x0, 0x0, 0x1741c420, 0xdd60, 0x7]}}, @generic={0x7, 0xc7, "0a845df64b789b02f452fffad9f01fdb812fb0a7c95f70cc8235cfd36cee7009551972b0840bb92aa49c2a2e102be0cc7d79fe61911b12041a355fbc4b8449e46fdf4ef819cdac58e50856d9a9374a6399f5455676f31c8db3feeee639bc9f2463fe58038286e083b91da9f5be2820f29448b26548122b6abb52473d6dd16ea99701bee22a50611a857be14ee6107e3f9c7a692e38985cc256bbcfd75caf49fb4253036e302e83f1f82b6bc31335a3fd772069e0672c76af7d974c03281937e1064cf8e7e7ab05"}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}], 0x250}}, {{&(0x7f0000001440)={0xa, 0x4e23, 0x80, @remote, 0x9}, 0x1c, 0x0, 0x0, &(0x7f0000001580)=[@rthdr_2292={{0x38, 0x29, 0x39, {0x2c, 0x4, 0x2, 0xf8, 0x0, [@empty, @dev={0xfe, 0x80, '\x00', 0x33}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x3}}, @rthdr={{0x68, 0x29, 0x39, {0x16, 0xa, 0x0, 0x2, 0x0, [@local, @remote, @mcast2, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02']}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x9}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @loopback}}}}, @hoplimit={{0x14, 0x29, 0x34, 0x6}}, @dontfrag={{0x14, 0x29, 0x3e, 0xe9}}, @hopopts={{0x70, 0x29, 0x36, {0x0, 0xa, '\x00', [@generic={0x8, 0x4f, "cbbb3db4fcef2e3e70644f44b068c33a564ad2a9372f772808c1a6e40ecab4792ded69b574fc5aa02309854b4e7bd3226a4a58967766713dadaf819480e2ccb0d5f96f8b6c0e9d296421eda7f1c3d1"}]}}}], 0x198}}, {{&(0x7f0000001c40)={0xa, 0x4e23, 0x3, @empty, 0x6}, 0x1c, &(0x7f0000001dc0)=[{&(0x7f0000001d40)}], 0x1, &(0x7f0000005380)=[@dstopts_2292={{0x20, 0x29, 0x4, {0x1, 0x0, '\x00', [@padn={0x1, 0x2, [0x0, 0x0]}]}}}, @hopopts={{0xe0, 0x29, 0x36, {0x0, 0x18, '\x00', [@enc_lim, @hao={0xc9, 0x10, @private0}, @pad1, @enc_lim={0x4, 0x1, 0xfa}, @generic={0xad, 0x9f, "83c66e1ceb4aef15cd4523a9267527dbad81ac7cdef533965f9f68a164172859800825905784199195c9417be24b697d88a471bd564ffef81c20d558d96541637ee697225707286f9da78c5e90ef1bef72441f262f65cd00b99d07e3d6c638d6292d94c3f5afb8a78c45449d7db4cfff35e6c707aafed9aefe64caebaa73ee40a34a632b5a8b963f04d08ddb2dc6e44d932f53dfd0baade52806b8d3e581d2"}, @pad1, @enc_lim={0x4, 0x1, 0x5}]}}}], 0x100}}, {{&(0x7f0000001e00)={0xa, 0x4e24, 0x57b, @empty, 0x4}, 0x1c, &(0x7f00000057c0)=[{&(0x7f0000001e40)="d51acf1af484ed611eea3d21", 0xc}, {0x0}, {&(0x7f0000001f00)="8c4e43ee08c5da4dcd8c0ceef83ca684fcca9c6ba73e8e1c861f5216166092cfcb2592bc0abf5737cddbe91cd5e0575a57383c6e799dd5e17d012696b8de8503d09a67c35548ead29d33feaf0ac458e9c8e7e63209b0554f9dcc0503366756d1cfbb674a3fadab26bc2f08ec06c8986cce8b9a5f6856cbaaa44e5930a8b29efe353e81e45315bf729a48d11c1552c7a5bf769da5c4a1f890251aea62a0cc5439cfb76bc6d8f5d6bd70f2e396d1ce35e42d76d580de67d2820dee9cf32b", 0xbd}, {&(0x7f00000055c0)="bc21d8a0f1fd6d52b71cb17d2284d7a53ce79e15f63a8b4457c73c9e7bcc3017e5359a28109eb72a18c069df9d131782fd0c9a3e07bdf76ea2e5e554399f246b94edf373cfad2cc3127ee30531500513eb4cc121d7bf10d5d4bfbfe20eb78088ebfc311d31446127c19fa44b87ddbbe998a111c22ff7e836671fa922", 0x7c}, {&(0x7f0000005640)="342c1340bd9fef5a1f2aa733c91bb5ea00239b3804ed93d42c7402ee6ed9016eb56438e5f3d951403f4f14067a9f23fbed6fc08a27d841a4102baeb530fa0d39f64d33f8e2ab271a3fc848fe94c2d5135a58a93181a27458f49cd25dd663d0cdd92682004e1476b60cd683aea7da1f9e77af7f33f8409cdda699572884d56470960dae500d82078c079a35a62c5afbdde59ddaef4c8ea688226a52dcac65c1d532bccfb59478d196f96e4ad844cfbffe18cc6dae7ac4f8e92ffe3e91f4e77ffe1e6c9e93c3c46e843b6aca80fb78efee2958eaeedb13db419f4e1a798b3054df70d40b0f664d7dae36ac5b1133931d7826cb8ff33e3f911ba6ae55d3", 0xfc}, {&(0x7f0000005740)="6a092d86aad69c7dc475425617e5c97d01c6d098ba7f4cbc767a7241bd935bea810f92dfa5f75b2460af1591d8cfc53459a7f2d2b182c9bacf4266e6cce500a2f496543315d211aaded80edab87a88e4d620dc7f3ca838fbc4e645cb7e66ea93a5cfc1a2e8", 0x65}], 0x6, &(0x7f0000005840)=[@hopopts_2292={{0xf0, 0x29, 0x36, {0x3b, 0x1a, '\x00', [@generic={0x2, 0xbd, "1a0465072c6146d954ddf893d249b8b3362578b56d7b4b7b24e733b272f105132da6f2fdd6728194cb955063b3e4234b177a060123abe149ee4b083dad1c67fadf85956176b6de93df4c2741713fbd629a9556d9ab5b756eebf8b58508c535fceec65ea9c35dee206baa4a308adfd8812ef9bcff989b0f08f91b57732105a0d8c205fde9fa8dffc4355e5c66b704dcf7bb34671834704df1e86716c7c4b19494eb675b27ab5185ede895b3c40b892c787f89f95547efe360fe6d5b5401"}, @hao={0xc9, 0x10, @private0={0xfc, 0x0, '\x00', 0x1}}, @jumbo={0xc2, 0x4, 0x4}]}}}, @rthdr_2292={{0x98, 0x29, 0x39, {0x0, 0x10, 0x1, 0x9, 0x0, [@empty, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @local, @mcast1, @local, @remote]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x9}}, @dontfrag={{0x14}}, @tclass={{0x14, 0x29, 0x43, 0x1b}}, @dontfrag={{0x14, 0x29, 0x3e, 0x80000000}}, @dontfrag={{0x14, 0x29, 0x3e, 0xa3}}, @hopopts={{0x30, 0x29, 0x36, {0x73, 0x2, '\x00', [@hao={0xc9, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}, @hopopts_2292={{0x68, 0x29, 0x36, {0x3a, 0x9, '\x00', [@generic={0xe, 0x48, "95ee243e82e555597c3fb44d63d8877caf2314ce098bc1921d07b608430850d57d0a8ecb5b39b2dc9b0834ed7f5e81c0e604f8a605938bcdc20489fc04d61d59cc050985397d1886"}]}}}, @hopopts={{0x18}}], 0x2b0}}, {{&(0x7f0000005b00)={0xa, 0x4e21, 0x8a5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xffffff01}, 0x1c, &(0x7f0000005ec0)=[{&(0x7f0000005b40)="f80c1bf04b0f5506a98b881f19d05632db2323407316407fa2a01f656e18cea472e17743c3d0d3796abb4efa64a1a79080080704ff6d88d598622f75e3d290e6b4440bb92dc5b912e23c92c28e6f229d0f9dc62f814be99bee9c89980e0d8d314c0cf1849de427a811f002fbd3b0093762babd", 0x73}, {&(0x7f0000005bc0)="78d644dc427e779c654fe551826d79d81bf7b355cc556a34d23d8ca86f4c5fa64ef257d4ce19dd0698c06d577c2ced65afc62761121e8a033c3e268847571b08979ab860a57fad226cbd34a54e2a295b03229da4f26513c181e95afaaafce5cd38ab19f7989efa69f686d37757b22462566c391ea1649edbaa9a6f458d474b3143f3982a6f", 0x85}, {&(0x7f0000005c80)="6691c58c0d5d2c4a04433d4a9ede975b7e941e548289db44c5db0f6fc0850ddf2efff5391244ab1e61710a8178a09367d5cd3c0ef1803ddf28469a705c26bc699f908a0e08cb3a5dc9ef8c9c3e27301839a81a2592fda295db81d694d126adf5ca4a486022b41717ffaea778c902189707e3783bf051830a3f7ba98fa66ef5081fdfab494104a4c6299cc627a46e60087e6f8039143efa050f81ecf81fc635b02c893b3e28f46563da6b2f346c6135cd951156087350c0b6d0a96dfd", 0xbc}, {&(0x7f0000005d40)="308d2835d9b025dd1e9bf1137c08007e163b", 0x12}, {&(0x7f0000005d80)="2a90f1edf886dd482f4e287595afd0c3832f6d57e863403810b9f1ef58e6186cc0eca049a0d8528e771da353280e72f6c13c6a60ff4d7f59bd8c9b6dc4aa9a16618a68ba15607def273ae7cb49fdf29f14688ed3ebcb6e9a3c838996dc33d51393de49b4a39aef2308da442cb36e793a6bd6bbf3ca364e344893f8ecb975bf545b06a83c29d4d00999044eeb8b31b43615de0df89b850c5fb4eaf60327a66e6ca195cb5897a14ec6dd381be73b79c4f07eb4225684aa37f7890b109c98a0e7b24e41712d9bc2fef59d8840f0ee32b48cf24103b317f2be7fbbad36584e3c27026ea9404effc808b9cd7a6fc2fee11d478d1034e75ee29970f9a8c41c67f0e2", 0xff}, {&(0x7f0000005e80)="aa55f5dfcd55fa809ce366202ac26da3680ce5acdca99d9983fab322573f0fe3d6bc4a3f380f52edc089b0c63e9498ae", 0x30}], 0x6}}], 0x8, 0x40048095) socket$xdp(0x2c, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) sendto$inet(r1, 0x0, 0x0, 0x24048081, 0x0, 0x0) connect$inet(r1, &(0x7f0000000140)={0x2, 0x0, @empty}, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect$802154_dgram(r3, &(0x7f00000001c0)={0x24, @short}, 0x14) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000002000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)={0x20, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x7f}]}]}, 0x20}}, 0x0) r5 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000180)={0x0, @in={{0x2, 0x0, @empty}}}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x2, 0x2, 0x4}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000080000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000401500f8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendto$inet6(r0, &(0x7f0000000140)="6382", 0x5dc, 0x0, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d80)}, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) 1.78617169s ago: executing program 3 (id=1871): memfd_secret(0x0) r0 = syz_usb_connect(0x1, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920000000109021b1901000000d40904150001da40df00090582", @ANYRES32], 0x0) r1 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) renameat2(r2, &(0x7f0000000100)='./file0\x00', r2, &(0x7f0000000280)='./file0\x00', 0x1) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x31) connect$can_bcm(0xffffffffffffffff, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[], 0x448}}, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r3, 0xc0189372, 0xfffffffffffffffc) sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="14"], 0x14}}, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) getsockopt$inet_mptcp_buf(r4, 0x11c, 0x2, &(0x7f00000000c0)=""/63, &(0x7f0000000100)=0x14) syz_usb_control_io$hid(r0, 0x0, 0x0) bind$bt_sco(r3, &(0x7f0000000080)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x190180, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3, {0x4}}, './file0\x00'}) 1.356115238s ago: executing program 1 (id=1872): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001b40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f6fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe508185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c6be0ed9257851ed916219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c5b901dbd7387f49e0b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000053046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25132a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a068c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238e3fee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e89884cb73f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182060e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000008835196ed0c6a1c1d4c140e5ff0000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fcd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d372e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36d3cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f200d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100000000000000000000000000028bfaaf1dce7970ae04e33a3d130761c0c0a53997716ebfa0e03c0acdb52e4af877a339d154fea243453e69bc89bb18fc501cf3a623bb871047060234ebc21155d0dc6efa64749afb63a0f8a9c28f62861e826ddf243bd9dda895a9b24d38641856dc058040a418e15139c0b13d52258254eacf045386abe27e8756c29758330146da2e25822afd92467974f70fa71a971517be63845c1eeb1a7a39a8e01750a67925746ffbc35c0046a1d660ebe5967bbc0496d0c9ba9758f9fcf46ecbd2e07523af5e56ff1d8eee549ecc92b0d13ad2edb0149b25debe70d227afb1ad45991bfb63f7cf6a8b5bcabf504d7fe21df0a23e8615055df856d88b7379a4c4499d01221d10c286c10b12ff5c89903806eab61c18721be6edc3d0fdbe2448f130b87b375f0de009ac38fd159a9f54771388f54b50caf5caf896ceb214b298b524c6cfeca9e0343038c68de8856772de2c498e191b9da24cc2a4b722c88a0fd2cca32ea9445e06549d1b5e9c1c90f4de9ce818694c1ced8354729bbec6a828876dae455e24f0f40490aaf80825d0fcdd8620b43da6b7f94c82aac9b256a469312aff3411ac73a377f01f7329a8027d9b47212c2ae9f2038152d0e99b4622a6eb35ba206e43cfbb50ef80b84a1854208c8414b309eb8a3408050772e161beac866e7247b3dc245c9ea14965f2a1a4a97c8baa5a4dd9f8904d47"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x49) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='mmap_lock_acquire_returned\x00', r0}, 0x10) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYRESOCT], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x61}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f00000001c0)={&(0x7f0000000440)=""/111, 0x6f}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7}, 0x48) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}], 0x1) 764.305328ms ago: executing program 2 (id=1873): connect$inet(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x1e, 0x0, 0x0) recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, 0x0, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'dummy0\x00'}) socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r4 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r4, 0x0, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$igmp(0x2, 0x3, 0x2) r5 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r5) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6d706f6c3d62696e642c6d6f64653d30303030303030303030303030303030303030303333362c687567653d6164766973652c6e725f626c6f636b733d652c6d706f6c3d7072656665723d72656c61746976653a34313a39323a310e2c6d6f64653d30313737373737373737373737373737373737373737372c7569643d", @ANYRESHEX, @ANYBLOB=',fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c6673757569643d30376465623239352d3800cc352d303934662d323466652d636161783366f8150385cd45dbb8a60233b6a0c7986b65622c7365636c6162656c2c7065726d69745f646972656374696f2c00"]) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000e00)={0x0, 0x0}, &(0x7f0000000e40)=0xc) mount$tmpfs(0x0, &(0x7f0000000d80)='./file0\x00', &(0x7f0000000dc0), 0x0, &(0x7f00000002c0)={[{@mode={'mode', 0x3d, 0x7}}, {@mpol={'mpol', 0x3d, {'interleave', '', @val={0x3a, [0x39, 0x3a, 0x2f]}}}}, {@uid={'uid', 0x3d, r7}}, {@huge_advise}], [{@func={'func', 0x3d, 'FILE_CHECK'}}]}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009", @ANYRES32], 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)) socket$packet(0x11, 0x2, 0x300) 472.919996ms ago: executing program 4 (id=1874): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x24048000, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x307f}, 0x48) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000006604000008000300", @ANYRES32=r6, @ANYBLOB="0800b70004000000080026009409"], 0x4c}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r8, @ANYBLOB="4200330000000000080300000001080211000000f80cdf28352000000000000000002d1a00000000000000000000000000000000004300000000000000000000040093000800cd"], 0x6c}}, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000200), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0) r11 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r11, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207b0af8ff00000000bd51000000000000070100000097f3410f4248bea80000371c03040000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000003e40)=""/222}, 0x90) listen(r3, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="058cb9abf70000", @ANYRES16=0x0, @ANYRES16=r3, @ANYBLOB="e70033005024e500080211000001ffffffffffff50505050505047000200000000000000080018000105826c180c36040600c03108bf07060205007107ffff0100000741dda1f2ddcffb69f79ad29beb592d407825849b6b89ede3d4f208b43673df836ba3ef05ec87ebb4485a9eba1bff5bf5589806e73d9e7f6065fdfe0f785c5c74"], 0x104}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000009000000070000000000000700000000002e305f2e00305f00"], &(0x7f0000000500)=""/172, 0x2d, 0xac, 0x0, 0xfffff8d5}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) r13 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNGETVNETHDRSZ(r13, 0x400454cb, &(0x7f0000000040)) ioctl$TUNSETPERSIST(r13, 0x400454cb, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r12, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) socket(0x0, 0x0, 0x0) 213.421346ms ago: executing program 0 (id=1875): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000200), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r2, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207b0af8ff00000000bd51000000000000070100000097f3410f4248bea80000371c030400000000008500000019000000"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000003e40)=""/222}, 0x90) 0s ago: executing program 0 (id=1876): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x24048000, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0x307f}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000380)={'wlan0\x00'}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="4200330000000000080300000001080211000000f80cdf28352000000000000000002d1a00000000000000000000000000000000004300000000000000000000040093000800cd"], 0x6c}}, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000200), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) r10 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18050000000000000000000000000000851000000600000018100000", @ANYRES32=r10, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000a60a000000000000180000002020782500000000002020207b0af8ff00000000bd51000000000000070100000097f3410f4248bea80000371c03040000000000850000001900000095"], &(0x7f0000000000)='GPL\x00', 0x4, 0xde, &(0x7f0000003e40)=""/222}, 0x90) listen(r3, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000009000000070000000000000700000000002e305f2e00305f00"], &(0x7f0000000500)=""/172, 0x2d, 0xac, 0x0, 0xfffff8d5}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) r12 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r12, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) ioctl$TUNGETVNETHDRSZ(r12, 0x400454cb, &(0x7f0000000040)) ioctl$TUNSETPERSIST(r12, 0x400454cb, 0x0) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000680)=ANY=[@ANYBLOB="98030000", @ANYRES16=r1, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) socket(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): erface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 454.145481][ T5138] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 454.177160][ T5138] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.178525][T10097] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1336'. [ 454.444782][T10082] netlink: 'syz.0.1331': attribute type 1 has an invalid length. [ 454.460358][T10082] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1331'. [ 454.499378][ T5138] usb 1-1: GET_CAPABILITIES returned 0 [ 454.521971][ T5138] usbtmc 1-1:16.0: can't read capabilities [ 454.645196][ T29] audit: type=1107 audit(1720502299.568:90): pid=10104 uid=0 auid=4294967295 ses=4294967295 subj=_ msg='' [ 454.784978][ T5134] usb 1-1: USB disconnect, device number 33 [ 455.166308][ T29] audit: type=1326 audit(1720502300.076:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10119 comm="syz.3.1343" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x0 [ 455.307814][T10123] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1342'. [ 455.573945][T10126] netlink: 'syz.0.1344': attribute type 46 has an invalid length. [ 455.624916][T10126] netlink: 'syz.0.1344': attribute type 46 has an invalid length. [ 455.864145][T10130] No such timeout policy "syz0" [ 456.079649][ T29] audit: type=1326 audit(1720502301.002:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.166334][ T29] audit: type=1326 audit(1720502301.032:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.301142][ T29] audit: type=1326 audit(1720502301.052:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.333304][ T29] audit: type=1326 audit(1720502301.052:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.371383][ T29] audit: type=1326 audit(1720502301.052:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.392959][ C0] vkms_vblank_simulate: vblank timer overrun [ 456.416571][ T29] audit: type=1326 audit(1720502301.052:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.451703][ T5135] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 456.466694][ T29] audit: type=1326 audit(1720502301.052:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10133 comm="syz.3.1348" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x7ffc0000 [ 456.973335][ T5135] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 457.010444][ T5135] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 457.034652][T10151] FAULT_INJECTION: forcing a failure. [ 457.034652][T10151] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 457.041064][ T5135] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 457.048696][T10151] CPU: 1 PID: 10151 Comm: syz.1.1352 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 457.071015][T10151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 457.081119][T10151] Call Trace: [ 457.084436][T10151] [ 457.087400][T10151] dump_stack_lvl+0x241/0x360 [ 457.092136][T10151] ? __pfx_dump_stack_lvl+0x10/0x10 [ 457.097385][T10151] ? __pfx__printk+0x10/0x10 [ 457.102021][T10151] ? __pfx_lock_release+0x10/0x10 [ 457.107096][T10151] should_fail_ex+0x3b0/0x4e0 [ 457.111855][T10151] _copy_from_user+0x2f/0xe0 [ 457.116468][T10151] copy_msghdr_from_user+0xae/0x680 [ 457.121708][T10151] ? _parse_integer_limit+0x1b5/0x200 [ 457.127110][T10151] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 457.132981][T10151] __sys_sendmmsg+0x374/0x740 [ 457.137681][T10151] ? __pfx___sys_sendmmsg+0x10/0x10 [ 457.142923][T10151] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 457.148836][T10151] ? ksys_write+0x23e/0x2c0 [ 457.153357][T10151] ? __pfx_lock_release+0x10/0x10 [ 457.158398][T10151] ? vfs_write+0x7c4/0xc90 [ 457.162859][T10151] ? __mutex_unlock_slowpath+0x21d/0x750 [ 457.168504][T10151] ? __pfx_vfs_write+0x10/0x10 [ 457.173315][T10151] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 457.179327][T10151] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 457.185675][T10151] ? do_syscall_64+0x100/0x230 [ 457.190482][T10151] __x64_sys_sendmmsg+0xa0/0xb0 [ 457.195360][T10151] do_syscall_64+0xf3/0x230 [ 457.199886][T10151] ? clear_bhb_loop+0x35/0x90 [ 457.204585][T10151] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.210497][T10151] RIP: 0033:0x7fe325175bd9 [ 457.214947][T10151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 457.234585][T10151] RSP: 002b:00007fe325e9b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 457.243018][T10151] RAX: ffffffffffffffda RBX: 00007fe325303f60 RCX: 00007fe325175bd9 [ 457.251087][T10151] RDX: 0000000000000002 RSI: 0000000020010000 RDI: 0000000000000004 [ 457.259070][T10151] RBP: 00007fe325e9b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 457.267050][T10151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 457.275029][T10151] R13: 000000000000000b R14: 00007fe325303f60 R15: 00007ffc42ec9e78 [ 457.283046][T10151] [ 457.287758][ T5135] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 457.297951][ T5135] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 457.314075][ T5135] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 457.424011][ T5135] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 457.462324][ T5135] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.499869][ T5135] usb 3-1: Product: syz [ 457.522410][ T5135] usb 3-1: Manufacturer: syz [ 457.527104][ T5135] usb 3-1: SerialNumber: syz [ 457.575516][ T5135] cdc_ncm 3-1:1.0: skipping garbage [ 457.623680][T10160] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1355'. [ 457.795212][ T5194] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 458.014206][ T5194] usb 2-1: Using ep0 maxpacket: 8 [ 458.025881][ T5194] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 458.054427][ T5194] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 458.092323][ T5194] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 458.116914][ T5194] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 458.146464][ T5194] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 458.156043][ T5194] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.404294][T10157] netlink: 'syz.1.1354': attribute type 1 has an invalid length. [ 458.448793][T10157] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1354'. [ 458.465203][T10138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 458.478810][ T5194] usb 2-1: GET_CAPABILITIES returned 0 [ 458.491096][ T5194] usbtmc 2-1:16.0: can't read capabilities [ 458.516678][T10138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 458.740703][ T8] usb 2-1: USB disconnect, device number 48 [ 458.878735][T10138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 458.928988][T10138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 459.023852][ T5135] cdc_ncm 3-1:1.0: bind() failure [ 459.046789][ T5135] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 459.081095][ T5135] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 459.121852][ T5135] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 459.330624][ T5135] usb 3-1: USB disconnect, device number 37 [ 459.370011][T10183] No such timeout policy "syz0" [ 460.122837][T10192] FAULT_INJECTION: forcing a failure. [ 460.122837][T10192] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 460.177493][ T5095] Bluetooth: hci4: unexpected event for opcode 0x2040 [ 460.185474][T10192] CPU: 0 PID: 10192 Comm: syz.1.1365 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 460.195678][T10192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 460.205749][T10192] Call Trace: [ 460.209041][T10192] [ 460.211979][T10192] dump_stack_lvl+0x241/0x360 [ 460.216688][T10192] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.221903][T10192] ? __pfx__printk+0x10/0x10 [ 460.226528][T10192] ? __pfx_lock_release+0x10/0x10 [ 460.231566][T10192] should_fail_ex+0x3b0/0x4e0 [ 460.236263][T10192] _copy_from_user+0x2f/0xe0 [ 460.240871][T10192] copy_msghdr_from_user+0xae/0x680 [ 460.246126][T10192] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 460.251983][T10192] __sys_sendmsg+0x23d/0x3a0 [ 460.256609][T10192] ? __pfx___sys_sendmsg+0x10/0x10 [ 460.261734][T10192] ? vfs_write+0x7c4/0xc90 [ 460.266215][T10192] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 460.272562][T10192] ? do_syscall_64+0x100/0x230 [ 460.277361][T10192] ? do_syscall_64+0xb6/0x230 [ 460.282057][T10192] do_syscall_64+0xf3/0x230 [ 460.286580][T10192] ? clear_bhb_loop+0x35/0x90 [ 460.291276][T10192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.297183][T10192] RIP: 0033:0x7fe325175bd9 [ 460.301609][T10192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 460.321244][T10192] RSP: 002b:00007fe325e7a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 460.329667][T10192] RAX: ffffffffffffffda RBX: 00007fe325304038 RCX: 00007fe325175bd9 [ 460.337654][T10192] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000007 [ 460.345631][T10192] RBP: 00007fe325e7a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 460.353612][T10192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 460.361589][T10192] R13: 000000000000006e R14: 00007fe325304038 R15: 00007ffc42ec9e78 [ 460.369612][T10192] [ 460.372772][ C0] vkms_vblank_simulate: vblank timer overrun [ 460.449123][ T29] kauditd_printk_skb: 10 callbacks suppressed [ 460.449145][ T29] audit: type=1326 audit(1720502305.326:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10193 comm="syz.3.1367" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc7ecf75bd9 code=0x0 [ 460.557844][T10197] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1366'. [ 461.185351][ T29] audit: type=1326 audit(1720502306.083:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10211 comm="syz.0.1371" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a8fd75bd9 code=0x0 [ 461.338171][T10218] bridge0: entered allmulticast mode [ 462.094023][ T57] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 462.410423][ T57] usb 4-1: Using ep0 maxpacket: 8 [ 462.533933][T10234] No such timeout policy "syz0" [ 462.855216][ T57] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 462.872059][ T57] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 462.913298][ T57] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 462.929436][ T57] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 462.951324][ T57] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 462.966401][ T57] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.897891][T10225] netlink: 'syz.3.1374': attribute type 1 has an invalid length. [ 463.936227][T10225] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1374'. [ 463.990905][T10244] tmpfs: Bad value for 'mpol' [ 464.003015][ T57] usb 4-1: GET_CAPABILITIES returned 0 [ 464.031697][ T57] usbtmc 4-1:16.0: can't read capabilities [ 464.106351][T10246] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1380'. [ 464.210817][ T57] usb 4-1: USB disconnect, device number 37 [ 464.323272][ T29] audit: type=1326 audit(1720502309.202:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10250 comm="syz.0.1382" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a8fd75bd9 code=0x0 [ 464.584154][ T29] audit: type=1326 audit(1720502309.471:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10263 comm="syz.1.1387" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe325175bd9 code=0x0 [ 465.596257][T10284] No such timeout policy "syz0" [ 466.301727][T10286] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1392'. [ 467.796432][T10296] tmpfs: Bad value for 'mpol' [ 468.332445][ T29] audit: type=1326 audit(1720502313.209:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10310 comm="syz.4.1400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc8a775bd9 code=0x0 [ 468.423899][ T2955] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 468.476173][ T29] audit: type=1326 audit(1720502313.338:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10321 comm="syz.0.1402" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a8fd75bd9 code=0x0 [ 468.631597][ T2955] usb 2-1: Using ep0 maxpacket: 8 [ 468.644151][ T2955] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 468.661899][ T2955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 468.690651][ T2955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 468.703697][ T2955] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 468.719557][ T2955] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 468.728880][ T2955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.949872][T10307] netlink: 'syz.1.1398': attribute type 1 has an invalid length. [ 468.969383][T10307] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1398'. [ 468.983865][ T2955] usb 2-1: GET_CAPABILITIES returned 0 [ 468.989523][ T2955] usbtmc 2-1:16.0: can't read capabilities [ 469.390597][ T57] usb 2-1: USB disconnect, device number 49 [ 469.454484][T10342] No such timeout policy "syz0" [ 469.846395][T10345] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1406'. [ 469.987417][T10347] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1407'. [ 470.065092][T10347] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1407'. [ 470.372430][T10355] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1410'. [ 470.580911][T10363] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 471.303471][ T29] audit: type=1326 audit(1720502316.169:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10369 comm="syz.4.1414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc8a775bd9 code=0x0 [ 471.479669][ T29] audit: type=1326 audit(1720502316.339:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10374 comm="syz.0.1416" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a8fd75bd9 code=0x0 [ 471.888866][T10389] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1418'. [ 472.210044][T10391] No such timeout policy "syz0" [ 472.501164][ T29] audit: type=1800 audit(1720502317.356:117): pid=10396 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.4.1421" name="/" dev="9p" ino=2 res=0 errno=0 [ 472.718361][T10408] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1425'. [ 472.724363][ T57] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 472.824588][ T5134] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 472.934939][ T57] usb 4-1: Using ep0 maxpacket: 8 [ 473.183363][ T57] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 473.194650][ T57] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 473.208208][ T57] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 473.225060][ T57] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 473.243211][ T57] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 473.255108][ T57] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.376218][ T5134] usb 1-1: Using ep0 maxpacket: 16 [ 473.390257][ T5134] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 473.408650][ T5134] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 473.424845][ T5134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.465500][ T5134] usb 1-1: config 0 descriptor?? [ 473.509210][T10395] netlink: 'syz.3.1420': attribute type 1 has an invalid length. [ 473.547716][T10395] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1420'. [ 473.586167][ T57] usb 4-1: GET_CAPABILITIES returned 0 [ 473.619308][ T57] usbtmc 4-1:16.0: can't read capabilities [ 473.753806][T10400] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1423'. [ 473.800436][T10417] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1429'. [ 473.815835][ T5133] usb 4-1: USB disconnect, device number 38 [ 473.911846][T10420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 473.962314][T10420] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 474.271370][T10424] No such timeout policy "syz0" [ 474.455370][T10400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1423'. [ 474.489635][T10400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1423'. [ 474.510638][T10421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 474.532471][T10421] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 474.566788][ T5134] hid (null): unknown global tag 0xc [ 474.577786][ T5134] hid (null): unknown global tag 0x83 [ 474.585615][ T5134] hid (null): unknown global tag 0xc [ 474.593982][ T5134] hid (null): global environment stack underflow [ 474.630575][ T5134] hid-generic 0003:0158:0100.000C: unknown main item tag 0x1 [ 474.641000][ T5134] hid-generic 0003:0158:0100.000C: unexpected long global item [ 474.667989][ T5134] hid-generic 0003:0158:0100.000C: probe with driver hid-generic failed with error -22 [ 474.871933][ T5133] usb 1-1: USB disconnect, device number 34 [ 474.991437][T10439] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1437'. [ 475.025781][T10439] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1437'. [ 475.187681][T10448] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1439'. [ 475.208505][T10439] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1437'. [ 476.028123][T10456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 476.050674][T10458] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 476.066771][T10456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 476.149822][T10461] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1441'. [ 476.478904][ T5095] Bluetooth: hci1: unexpected event 0x17 length: 14 > 6 [ 476.545620][ T2955] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 476.796546][ T2955] usb 2-1: Using ep0 maxpacket: 8 [ 476.823788][ T2955] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 476.865604][ T2955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 476.886044][ T29] audit: type=1804 audit(1720502321.733:118): pid=10484 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.1450" name="/newroot/26/file0/bus" dev="ramfs" ino=32838 res=1 errno=0 [ 476.896728][ T2955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 476.965923][ T2955] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 477.043094][ T29] audit: type=1804 audit(1720502321.892:119): pid=10488 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1450" name="/newroot/26/file0/bus" dev="ramfs" ino=32838 res=1 errno=0 [ 477.046955][ T2955] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 477.103185][ T29] audit: type=1800 audit(1720502321.922:120): pid=10484 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.0.1450" name="bus" dev="ramfs" ino=32838 res=0 errno=0 [ 477.120848][ T2955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.357192][T10466] netlink: 'syz.1.1445': attribute type 1 has an invalid length. [ 477.370399][T10466] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1445'. [ 477.389072][ T2955] usb 2-1: GET_CAPABILITIES returned 0 [ 477.394611][ T2955] usbtmc 2-1:16.0: can't read capabilities [ 477.606772][ T2955] usb 2-1: USB disconnect, device number 50 [ 477.770927][T10509] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1454'. [ 478.093408][T10513] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1456'. [ 478.182476][T10516] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 478.376357][T10520] FAULT_INJECTION: forcing a failure. [ 478.376357][T10520] name failslab, interval 1, probability 0, space 0, times 0 [ 478.753136][T10520] CPU: 1 PID: 10520 Comm: syz.1.1458 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 478.764412][T10520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 478.774664][T10520] Call Trace: [ 478.777958][T10520] [ 478.780914][T10520] dump_stack_lvl+0x241/0x360 [ 478.785790][T10520] ? __pfx_dump_stack_lvl+0x10/0x10 [ 478.791005][T10520] ? __pfx__printk+0x10/0x10 [ 478.795706][T10520] ? __pfx___might_resched+0x10/0x10 [ 478.801006][T10520] should_fail_ex+0x3b0/0x4e0 [ 478.805730][T10520] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 478.811498][T10520] should_failslab+0x9/0x20 [ 478.816043][T10520] __kmalloc_noprof+0xd8/0x400 [ 478.820944][T10520] ? kfree+0x4e/0x360 [ 478.824975][T10520] tomoyo_realpath_from_path+0xcf/0x5e0 [ 478.830599][T10520] tomoyo_path_number_perm+0x23a/0x880 [ 478.836098][T10520] ? tomoyo_path_number_perm+0x208/0x880 [ 478.841764][T10520] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 478.847832][T10520] ? __fget_files+0x29/0x470 [ 478.852456][T10520] ? __fget_files+0x3f6/0x470 [ 478.857169][T10520] ? __fget_files+0x29/0x470 [ 478.861804][T10520] security_file_ioctl+0x75/0xb0 [ 478.866787][T10520] __se_sys_ioctl+0x47/0x170 [ 478.871439][T10520] do_syscall_64+0xf3/0x230 [ 478.875979][T10520] ? clear_bhb_loop+0x35/0x90 [ 478.880691][T10520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.886632][T10520] RIP: 0033:0x7fe325175bd9 [ 478.891068][T10520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 478.910737][T10520] RSP: 002b:00007fe325e9b048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 478.919170][T10520] RAX: ffffffffffffffda RBX: 00007fe325303f60 RCX: 00007fe325175bd9 [ 478.927168][T10520] RDX: 0000000000000000 RSI: 00000000000007cb RDI: 0000000000000003 [ 478.935169][T10520] RBP: 00007fe325e9b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 478.943163][T10520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 478.951159][T10520] R13: 000000000000000b R14: 00007fe325303f60 R15: 00007ffc42ec9e78 [ 478.959198][T10520] [ 479.043512][T10520] ERROR: Out of memory at tomoyo_realpath_from_path. [ 479.051569][T10524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 479.129141][T10524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 479.343583][ T2955] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 479.379741][T10533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 479.393057][T10539] x_tables: duplicate underflow at hook 2 [ 479.481614][T10538] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 479.556961][ T2955] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 479.573977][ T2955] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 479.599332][ T2955] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 479.621552][ T2955] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 479.633685][ T2955] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 479.645122][ T2955] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 479.662171][ T2955] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 479.678598][ T2955] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.688365][ T2955] usb 1-1: Product: syz [ 479.692577][ T2955] usb 1-1: Manufacturer: syz [ 479.697536][ T2955] usb 1-1: SerialNumber: syz [ 479.716740][ T2955] cdc_ncm 1-1:1.0: skipping garbage [ 479.932458][T10552] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1467'. [ 480.269233][T10559] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1470'. [ 480.609578][T10526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 480.627081][T10526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 480.714404][T10573] FAULT_INJECTION: forcing a failure. [ 480.714404][T10573] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 480.727750][T10573] CPU: 1 PID: 10573 Comm: syz.2.1472 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 480.737936][T10573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 480.748016][T10573] Call Trace: [ 480.751315][T10573] [ 480.754284][T10573] dump_stack_lvl+0x241/0x360 [ 480.759031][T10573] ? __pfx_dump_stack_lvl+0x10/0x10 [ 480.764278][T10573] ? __pfx__printk+0x10/0x10 [ 480.768905][T10573] ? __pfx_lock_release+0x10/0x10 [ 480.773972][T10573] should_fail_ex+0x3b0/0x4e0 [ 480.778692][T10573] _copy_from_user+0x2f/0xe0 [ 480.783310][T10573] copy_msghdr_from_user+0xae/0x680 [ 480.788554][T10573] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 480.794420][T10573] __sys_sendmsg+0x23d/0x3a0 [ 480.799049][T10573] ? __pfx___sys_sendmsg+0x10/0x10 [ 480.804238][T10573] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 480.810596][T10573] ? do_syscall_64+0x100/0x230 [ 480.815410][T10573] ? do_syscall_64+0xb6/0x230 [ 480.820132][T10573] do_syscall_64+0xf3/0x230 [ 480.824671][T10573] ? clear_bhb_loop+0x35/0x90 [ 480.829387][T10573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.835313][T10573] RIP: 0033:0x7f76c3f75bd9 [ 480.839755][T10573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.859404][T10573] RSP: 002b:00007f76c39ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 480.867860][T10573] RAX: ffffffffffffffda RBX: 00007f76c4104110 RCX: 00007f76c3f75bd9 [ 480.875858][T10573] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000006 [ 480.883856][T10573] RBP: 00007f76c39ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 480.891853][T10573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 480.899849][T10573] R13: 000000000000006e R14: 00007f76c4104110 R15: 00007fffe0f2f838 [ 480.907869][T10573] [ 481.540866][T10526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.593528][T10526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.651733][ T2955] cdc_ncm 1-1:1.0: bind() failure [ 481.659833][T10584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 481.679913][ T2955] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 481.702007][ T2955] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 481.713016][T10584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 481.762719][ T2955] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 481.793050][ T2955] usb 1-1: USB disconnect, device number 35 [ 481.816398][T10587] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1478'. [ 482.081949][T10591] FAULT_INJECTION: forcing a failure. [ 482.081949][T10591] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 482.103250][T10591] CPU: 1 PID: 10591 Comm: syz.2.1480 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 482.113473][T10591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 482.123567][T10591] Call Trace: [ 482.126885][T10591] [ 482.129850][T10591] dump_stack_lvl+0x241/0x360 [ 482.134592][T10591] ? __pfx_dump_stack_lvl+0x10/0x10 [ 482.139854][T10591] ? __pfx__printk+0x10/0x10 [ 482.144500][T10591] ? __pfx_lock_release+0x10/0x10 [ 482.149570][T10591] ? vfs_write+0x7c4/0xc90 [ 482.154069][T10591] should_fail_ex+0x3b0/0x4e0 [ 482.158825][T10591] _copy_from_user+0x2f/0xe0 [ 482.163458][T10591] __sys_bpf+0x1a4/0x810 [ 482.167737][T10591] ? __pfx___sys_bpf+0x10/0x10 [ 482.172532][T10591] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 482.178524][T10591] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 482.184860][T10591] ? do_syscall_64+0x100/0x230 [ 482.189657][T10591] __x64_sys_bpf+0x7c/0x90 [ 482.194093][T10591] do_syscall_64+0xf3/0x230 [ 482.198615][T10591] ? clear_bhb_loop+0x35/0x90 [ 482.203311][T10591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 482.209321][T10591] RIP: 0033:0x7f76c3f75bd9 [ 482.213751][T10591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 482.233377][T10591] RSP: 002b:00007f76c4c85048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 482.241803][T10591] RAX: ffffffffffffffda RBX: 00007f76c4103f60 RCX: 00007f76c3f75bd9 [ 482.249789][T10591] RDX: 000000000000000d RSI: 0000000020000000 RDI: 000000000000001c [ 482.257786][T10591] RBP: 00007f76c4c850a0 R08: 0000000000000000 R09: 0000000000000000 [ 482.265773][T10591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 482.273753][T10591] R13: 000000000000000b R14: 00007f76c4103f60 R15: 00007fffe0f2f838 [ 482.281747][T10591] [ 482.569479][T10597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1482'. [ 482.709349][T10603] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1483'. [ 483.053763][ T57] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 483.414168][ T57] usb 5-1: Using ep0 maxpacket: 32 [ 483.465158][ T57] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 483.484238][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 483.511508][ T5095] Bluetooth: hci0: command 0x0406 tx timeout [ 483.512226][ T57] usb 5-1: Product: syz [ 483.561424][ T57] usb 5-1: Manufacturer: syz [ 483.567435][ T57] usb 5-1: SerialNumber: syz [ 483.581398][ T57] usb 5-1: config 0 descriptor?? [ 483.810341][ T57] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: failure sending bit rate [ 483.830241][ T57] RobotFuzz Open Source InterFace, OSIF 5-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 483.909629][ T57] usb 5-1: USB disconnect, device number 20 [ 483.964370][T10626] bridge0: port 2(bridge_slave_1) entered disabled state [ 483.972423][T10626] bridge0: port 1(bridge_slave_0) entered disabled state [ 484.143577][T10628] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1489'. [ 484.760075][ T2955] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 484.961428][ T2955] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 485.000448][ T5138] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 485.032484][ T2955] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 485.076809][ T2955] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 485.107540][ T2955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 485.134177][ T2955] usb 1-1: SerialNumber: syz [ 485.241927][ T5138] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 485.278495][ T5138] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 485.297228][ T5138] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 485.322630][ T5138] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 485.403808][ T5138] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 485.424518][ T2955] usb 1-1: 0:2 : does not exist [ 485.433610][ T2955] usb 1-1: unit 5 not found! [ 485.438540][ T5138] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 485.495242][ T5138] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 485.509892][ T2955] usb 1-1: USB disconnect, device number 36 [ 485.520022][ T5138] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.537642][ T5138] usb 2-1: Product: syz [ 485.543642][ T5138] usb 2-1: Manufacturer: syz [ 485.564614][ T5138] usb 2-1: SerialNumber: syz [ 485.606913][ T5138] cdc_ncm 2-1:1.0: skipping garbage [ 485.812574][ T9324] udevd[9324]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 485.845353][T10643] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 485.914125][T10643] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 486.069843][T10649] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1496'. [ 486.260040][ T4477] Bluetooth: hci0: unexpected event 0x2f length: 509 > 260 [ 486.337293][T10656] netlink: 'syz.0.1498': attribute type 12 has an invalid length. [ 486.423882][T10636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.440686][T10636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.665555][T10636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 486.692691][T10636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 486.709346][ T5138] cdc_ncm 2-1:1.0: bind() failure [ 486.737380][ T5138] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 486.772184][T10661] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1500'. [ 486.809627][ T5138] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 486.842740][ T5138] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 486.888942][ T5138] usb 2-1: USB disconnect, device number 51 [ 487.739380][T10682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1506'. [ 487.777726][T10682] smk_cipso_doi:708 cipso add rc = -22 [ 488.187608][T10689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 488.466810][T10689] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 489.337088][T10703] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1512'. [ 489.553378][T10709] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1513'. [ 490.110577][ T57] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 490.231643][T10719] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 490.382257][ T57] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 490.421184][ T57] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 490.463348][ T57] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 490.511710][ T57] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 490.552118][ T57] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 490.584985][ T57] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 490.629318][ T57] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 490.657501][ T57] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 490.682081][ T57] usb 5-1: Product: syz [ 490.686320][ T57] usb 5-1: Manufacturer: syz [ 490.691133][ T57] usb 5-1: SerialNumber: syz [ 490.737337][ T57] cdc_ncm 5-1:1.0: skipping garbage [ 491.233135][ T5134] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 491.386002][ T5134] usb 1-1: device descriptor read/64, error -71 [ 491.865832][T10715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.910335][T10715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 492.003436][T10742] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1524'. [ 492.025137][ T5134] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 492.158889][T10715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 492.178224][T10715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 492.195881][ T5134] usb 1-1: device descriptor read/64, error -71 [ 492.231619][ T57] cdc_ncm 5-1:1.0: bind() failure [ 492.259319][T10744] FAULT_INJECTION: forcing a failure. [ 492.259319][T10744] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 492.285805][ T57] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 492.315807][ T5134] usb usb1-port1: attempt power cycle [ 492.321552][ T57] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 492.337664][T10744] CPU: 0 PID: 10744 Comm: syz.2.1525 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 492.347897][T10744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 492.357984][T10744] Call Trace: [ 492.361288][T10744] [ 492.364242][T10744] dump_stack_lvl+0x241/0x360 [ 492.368960][T10744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 492.374183][T10744] ? __pfx__printk+0x10/0x10 [ 492.378810][T10744] ? ip_mroute_setsockopt+0x15b/0x1190 [ 492.384291][T10744] should_fail_ex+0x3b0/0x4e0 [ 492.388991][T10744] _copy_from_user+0x2f/0xe0 [ 492.393595][T10744] copy_from_sockptr+0x62/0xa0 [ 492.398375][T10744] ip_mroute_setsockopt+0x77a/0x1190 [ 492.403682][T10744] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 492.409429][T10744] ? mark_lock+0x9a/0x350 [ 492.413797][T10744] do_ip_setsockopt+0x129f/0x3cd0 [ 492.418859][T10744] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 492.424269][T10744] ? __pfx_lock_acquire+0x10/0x10 [ 492.429312][T10744] ip_setsockopt+0x63/0x100 [ 492.433831][T10744] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 492.439735][T10744] do_sock_setsockopt+0x3af/0x720 [ 492.444774][T10744] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 492.450332][T10744] ? __fget_files+0x29/0x470 [ 492.454931][T10744] ? __fget_files+0x3f6/0x470 [ 492.459624][T10744] __sys_setsockopt+0x1ae/0x250 [ 492.464493][T10744] __x64_sys_setsockopt+0xb5/0xd0 [ 492.469534][T10744] do_syscall_64+0xf3/0x230 [ 492.474056][T10744] ? clear_bhb_loop+0x35/0x90 [ 492.478761][T10744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 492.484668][T10744] RIP: 0033:0x7f76c3f75bd9 [ 492.489114][T10744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 492.508729][T10744] RSP: 002b:00007f76c4c85048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 492.517160][T10744] RAX: ffffffffffffffda RBX: 00007f76c4103f60 RCX: 00007f76c3f75bd9 [ 492.525158][T10744] RDX: 00000000000000d4 RSI: 0000000000000000 RDI: 0000000000000003 [ 492.533140][T10744] RBP: 00007f76c4c850a0 R08: 0000000000000004 R09: 0000000000000000 [ 492.541118][T10744] R10: 0000000020000900 R11: 0000000000000246 R12: 0000000000000001 [ 492.549097][T10744] R13: 000000000000000b R14: 00007f76c4103f60 R15: 00007fffe0f2f838 [ 492.557095][T10744] [ 492.574775][ T57] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 492.594088][ T57] usb 5-1: USB disconnect, device number 21 [ 492.620413][T10746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 492.672051][T10746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 492.769297][T10751] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1528'. [ 492.911403][ T5138] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 493.007139][ T5134] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 493.053097][ T5134] usb 1-1: device descriptor read/8, error -71 [ 493.133985][ T5138] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 493.155342][ T5138] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 493.197810][ T5138] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 493.214382][ T5138] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.238797][ T5138] usb 2-1: Product: syz [ 493.245368][ T5138] usb 2-1: Manufacturer: syz [ 493.274394][ T5138] usb 2-1: SerialNumber: syz [ 493.368003][ T5134] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 493.369139][ T5138] cdc_ncm 2-1:1.0: skipping garbage [ 493.433496][ T5134] usb 1-1: device descriptor read/8, error -71 [ 493.598254][ T5134] usb usb1-port1: unable to enumerate USB device [ 494.079364][T10771] overlayfs: conflicting lowerdir path [ 494.198254][T10748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.240494][T10748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.497833][T10748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.556329][T10748] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.731387][T10781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 494.752363][T10781] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 494.786201][ T5138] cdc_ncm 2-1:1.0: bind() failure [ 494.821854][ T5138] cdc_ncm 2-1:1.1: probe with driver cdc_ncm failed with error -71 [ 494.840882][ T5138] cdc_mbim 2-1:1.1: probe with driver cdc_mbim failed with error -71 [ 494.869579][ T5138] usbtest 2-1:1.1: probe with driver usbtest failed with error -71 [ 494.900121][ T5138] usb 2-1: USB disconnect, device number 52 [ 495.741967][T10791] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1540'. [ 495.877890][T10791] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1540'. [ 495.953640][ T2955] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 495.987884][T10800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 496.022832][T10800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 496.056909][ T5138] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 496.147562][ T2955] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 496.157991][ T2955] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 496.168716][ T2955] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 496.182503][ T2955] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 496.193608][ T2955] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 496.205911][ T2955] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 496.232393][ T2955] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 496.251935][ T2955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.263537][ T2955] usb 5-1: Product: syz [ 496.271455][ T2955] usb 5-1: Manufacturer: syz [ 496.281594][ T2955] usb 5-1: SerialNumber: syz [ 496.286358][ T5138] usb 1-1: Using ep0 maxpacket: 32 [ 496.296773][ T5138] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 496.318378][ T2955] cdc_ncm 5-1:1.0: skipping garbage [ 496.329173][ T5138] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.355314][ T5138] usb 1-1: config 0 descriptor?? [ 496.373516][ T5138] gspca_main: sunplus-2.14.0 probing 041e:400b [ 496.404803][ T5133] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 496.584808][ T5133] usb 2-1: device descriptor read/64, error -71 [ 496.865493][ T5133] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 496.921642][ T5138] gspca_sunplus: reg_r err -71 [ 496.949676][ T5138] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 496.984329][ T5138] usb 1-1: USB disconnect, device number 41 [ 497.036101][ T5133] usb 2-1: device descriptor read/64, error -71 [ 497.149679][T10792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.167859][T10792] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.169612][ T5133] usb usb2-port1: attempt power cycle [ 497.469184][T10792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 497.494663][T10826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 497.505292][T10792] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 497.528950][ T2955] cdc_ncm 5-1:1.0: bind() failure [ 497.553789][ T2955] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 497.557340][T10826] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 497.572682][ T2955] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 497.593145][ T2955] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 497.607089][ T5133] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 497.635076][ T2955] usb 5-1: USB disconnect, device number 22 [ 497.657749][ T5133] usb 2-1: device descriptor read/8, error -71 [ 497.727926][T10831] FAULT_INJECTION: forcing a failure. [ 497.727926][T10831] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.757280][T10831] CPU: 1 PID: 10831 Comm: syz.3.1550 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 497.767507][T10831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 497.777610][T10831] Call Trace: [ 497.780936][T10831] [ 497.783896][T10831] dump_stack_lvl+0x241/0x360 [ 497.788630][T10831] ? __pfx_dump_stack_lvl+0x10/0x10 [ 497.793859][T10831] ? __pfx__printk+0x10/0x10 [ 497.798473][T10831] ? snprintf+0xda/0x120 [ 497.802762][T10831] should_fail_ex+0x3b0/0x4e0 [ 497.807486][T10831] _copy_to_user+0x2f/0xb0 [ 497.811942][T10831] simple_read_from_buffer+0xca/0x150 [ 497.817347][T10831] proc_fail_nth_read+0x1e9/0x250 [ 497.822417][T10831] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 497.827989][T10831] ? rw_verify_area+0x520/0x6b0 [ 497.832856][T10831] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 497.838417][T10831] vfs_read+0x204/0xbc0 [ 497.842618][T10831] ? __pfx_lock_release+0x10/0x10 [ 497.847680][T10831] ? do_sock_setsockopt+0x3e2/0x720 [ 497.852933][T10831] ? __pfx_vfs_read+0x10/0x10 [ 497.857648][T10831] ? __fget_files+0x29/0x470 [ 497.862273][T10831] ? __fget_files+0x3f6/0x470 [ 497.866988][T10831] ksys_read+0x1a0/0x2c0 [ 497.871267][T10831] ? __pfx_ksys_read+0x10/0x10 [ 497.876084][T10831] ? do_syscall_64+0x100/0x230 [ 497.880891][T10831] ? do_syscall_64+0xb6/0x230 [ 497.885621][T10831] do_syscall_64+0xf3/0x230 [ 497.890166][T10831] ? clear_bhb_loop+0x35/0x90 [ 497.894894][T10831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.900812][T10831] RIP: 0033:0x7fc7ecf746bc [ 497.905241][T10831] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 497.924854][T10831] RSP: 002b:00007fc7edd3e040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 497.933276][T10831] RAX: ffffffffffffffda RBX: 00007fc7ed104038 RCX: 00007fc7ecf746bc [ 497.941260][T10831] RDX: 000000000000000f RSI: 00007fc7edd3e0b0 RDI: 0000000000000004 [ 497.949256][T10831] RBP: 00007fc7edd3e0a0 R08: 0000000000000000 R09: 0000000000000000 [ 497.957238][T10831] R10: 0000000020000300 R11: 0000000000000246 R12: 0000000000000001 [ 497.965226][T10831] R13: 000000000000006e R14: 00007fc7ed104038 R15: 00007ffc3cfdcb88 [ 497.973228][T10831] [ 498.148216][ T5133] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 498.188967][ T5133] usb 2-1: device descriptor read/8, error -71 [ 498.309053][ T5133] usb usb2-port1: unable to enumerate USB device [ 498.359173][T10842] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1554'. [ 498.509978][T10842] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1554'. [ 499.450829][T10852] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.510730][T10853] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 0, id = 0 [ 499.527155][T10852] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 499.631163][ T5134] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 499.841632][ T5134] usb 5-1: Using ep0 maxpacket: 8 [ 499.851142][ T5134] usb 5-1: config 0 has an invalid interface number: 221 but max is 0 [ 499.870035][ T5134] usb 5-1: config 0 has no interface number 0 [ 499.893573][ T5134] usb 5-1: too many endpoints for config 0 interface 221 altsetting 230: 203, using maximum allowed: 30 [ 499.944247][ T5134] usb 5-1: config 0 interface 221 altsetting 230 has 0 endpoint descriptors, different from the interface descriptor's value: 203 [ 499.963424][ T5134] usb 5-1: config 0 interface 221 has no altsetting 0 [ 499.999036][ T5134] usb 5-1: New USB device found, idVendor=0af0, idProduct=d033, bcdDevice=e0.05 [ 500.016780][ T5134] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.031500][ T5134] usb 5-1: Product: syz [ 500.036684][ T5134] usb 5-1: Manufacturer: syz [ 500.041445][ T5134] usb 5-1: SerialNumber: syz [ 500.063283][ T5134] usb 5-1: config 0 descriptor?? [ 500.076885][ T5134] hso 5-1:0.221: Not our interface [ 501.977250][T10886] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 502.003265][T10886] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 502.125910][ T5134] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 502.316293][ T5134] usb 2-1: Using ep0 maxpacket: 16 [ 502.323556][ T5134] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 502.335777][ T5134] usb 2-1: config 0 has no interfaces? [ 502.347488][ T5134] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 502.357135][ T5134] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.381232][ T5134] usb 2-1: config 0 descriptor?? [ 502.478854][T10888] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1566'. [ 502.617930][ T5134] usb 5-1: USB disconnect, device number 23 [ 502.647499][T10888] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1566'. [ 502.929326][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.935932][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.758048][ T4477] Bluetooth: hci2: unexpected event for opcode 0x6160 [ 503.830415][T10899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 503.895556][T10899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 503.968024][T10903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.028354][T10903] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 504.818404][T10917] fuse: Unknown parameter '017777777777777777777770xffffffffffffffff' [ 505.001624][T10917] netlink: 'syz.2.1573': attribute type 1 has an invalid length. [ 505.010072][T10917] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1573'. [ 505.047225][ T5134] usb 2-1: USB disconnect, device number 57 [ 505.101192][T10917] 9pnet_fd: Insufficient options for proto=fd [ 505.362614][T10930] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 505.422417][ T2955] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 505.616109][ T2955] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 505.637827][ T2955] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 505.672386][ T2955] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 505.692585][ T2955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.714627][ T2955] usb 5-1: Product: syz [ 505.722027][ T2955] usb 5-1: Manufacturer: syz [ 505.730886][ T2955] usb 5-1: SerialNumber: syz [ 505.759772][ T2955] cdc_ncm 5-1:1.0: skipping garbage [ 506.069198][T10941] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1580'. [ 506.406970][T10947] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1581'. [ 506.453749][T10947] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1581'. [ 506.577520][T10925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.609604][T10925] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.873302][T10952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 506.936961][T10952] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 506.944511][T10925] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 507.011355][T10925] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 507.259669][ T2955] cdc_ncm 5-1:1.0: bind() failure [ 507.322088][ T2955] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 507.345119][ T2955] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 507.418425][ T2955] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 507.475289][ T2955] usb 5-1: USB disconnect, device number 24 [ 508.257094][T10975] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.265368][T10975] bridge0: port 1(bridge_slave_0) entered disabled state [ 508.428756][T10968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1587'. [ 508.466186][T10968] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1587'. [ 508.605891][T10968] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.613257][T10968] bridge0: port 2(bridge_slave_1) entered forwarding state [ 508.621161][T10968] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.628453][T10968] bridge0: port 1(bridge_slave_0) entered forwarding state [ 508.675998][T10968] bridge0: entered promiscuous mode [ 508.779032][T10983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 508.798241][ T8] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 509.000543][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 509.044421][ T8] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 509.061425][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.109527][ T8] usb 4-1: config 0 descriptor?? [ 509.349435][ T5134] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 509.432469][T10991] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1593'. [ 509.531794][ T8] usb 4-1: USB disconnect, device number 39 [ 509.538380][T10991] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1593'. [ 509.561090][ T5134] usb 3-1: device descriptor read/64, error -71 [ 509.880039][ T5134] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 510.059759][ T5134] usb 3-1: device descriptor read/64, error -71 [ 510.201227][ T5134] usb usb3-port1: attempt power cycle [ 510.661503][ T5134] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 510.722689][ T5134] usb 3-1: device descriptor read/8, error -71 [ 511.021953][ T5134] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 511.075904][ T5134] usb 3-1: device descriptor read/8, error -71 [ 511.182580][ T2955] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 511.232430][ T5134] usb usb3-port1: unable to enumerate USB device [ 511.384816][ T2955] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 511.412677][ T2955] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 511.449159][ T2955] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 511.472195][ T2955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.490684][ T2955] usb 5-1: Product: syz [ 511.502630][ T2955] usb 5-1: Manufacturer: syz [ 511.510954][ T2955] usb 5-1: SerialNumber: syz [ 511.549021][ T2955] cdc_ncm 5-1:1.0: skipping garbage [ 512.823531][T11023] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.896859][T11023] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.006066][T11030] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1605'. [ 513.217279][T11013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 513.413665][T11013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.425523][T11030] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1605'. [ 513.669144][ T2955] cdc_ncm 5-1:1.0: bind() failure [ 513.687319][T11034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 513.700023][ T2955] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 513.745409][ T2955] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 513.779295][T11034] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 513.785628][ T2955] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 513.845915][ T2955] usb 5-1: USB disconnect, device number 25 [ 515.571811][ T5134] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 515.790819][ T5134] usb 4-1: device descriptor read/64, error -71 [ 515.970249][ T5095] Bluetooth: hci1: command 0x0406 tx timeout [ 516.097994][ T5134] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 516.360513][ T5134] usb 4-1: device descriptor read/64, error -71 [ 516.488386][ T5134] usb usb4-port1: attempt power cycle [ 516.619001][T11078] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1618'. [ 516.698269][T11078] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1618'. [ 516.941746][ T5134] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 517.035424][ T5134] usb 4-1: device descriptor read/8, error -71 [ 517.471602][T11090] No such timeout policy "syz0" [ 517.476887][ T5134] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 517.515691][ T5134] usb 4-1: device descriptor read/8, error -71 [ 517.665355][ T5134] usb usb4-port1: unable to enumerate USB device [ 517.723525][ T5133] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 518.261745][ T5133] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 518.303595][ T5133] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 518.362135][ T5133] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 518.388320][ T5133] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.408953][ T5133] usb 5-1: Product: syz [ 518.413167][ T5133] usb 5-1: Manufacturer: syz [ 518.432729][ T5133] usb 5-1: SerialNumber: syz [ 518.475283][ T5133] cdc_ncm 5-1:1.0: skipping garbage [ 518.846424][T11112] FAULT_INJECTION: forcing a failure. [ 518.846424][T11112] name failslab, interval 1, probability 0, space 0, times 0 [ 518.859929][T11112] CPU: 1 PID: 11112 Comm: syz.1.1626 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 518.870132][T11112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 518.880222][T11112] Call Trace: [ 518.883532][T11112] [ 518.886505][T11112] dump_stack_lvl+0x241/0x360 [ 518.891242][T11112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 518.896488][T11112] ? __pfx__printk+0x10/0x10 [ 518.901131][T11112] ? __pfx___might_resched+0x10/0x10 [ 518.906460][T11112] should_fail_ex+0x3b0/0x4e0 [ 518.911191][T11112] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 518.916944][T11112] should_failslab+0x9/0x20 [ 518.921466][T11112] __kmalloc_noprof+0xd8/0x400 [ 518.926244][T11112] ? kfree+0x4e/0x360 [ 518.930244][T11112] tomoyo_realpath_from_path+0xcf/0x5e0 [ 518.935833][T11112] tomoyo_path_number_perm+0x23a/0x880 [ 518.941311][T11112] ? tomoyo_path_number_perm+0x208/0x880 [ 518.946958][T11112] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 518.952990][T11112] ? __pfx_hook_file_ioctl+0x10/0x10 [ 518.958285][T11112] ? __se_sys_ioctl+0x30/0x170 [ 518.963066][T11112] ? hook_file_ioctl+0x3c/0x2d0 [ 518.967934][T11112] security_file_ioctl+0x75/0xb0 [ 518.972886][T11112] __se_sys_ioctl+0x47/0x170 [ 518.977496][T11112] do_syscall_64+0xf3/0x230 [ 518.982022][T11112] ? clear_bhb_loop+0x35/0x90 [ 518.986723][T11112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.992633][T11112] RIP: 0033:0x7fe325175bd9 [ 518.997055][T11112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 519.016669][T11112] RSP: 002b:00007fe325e7a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 519.025182][T11112] RAX: ffffffffffffffda RBX: 00007fe325304038 RCX: 00007fe325175bd9 [ 519.033159][T11112] RDX: 0000000020000800 RSI: 00000000c00c642e RDI: 0000000000000008 [ 519.041136][T11112] RBP: 00007fe325e7a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 519.049117][T11112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 519.057091][T11112] R13: 000000000000006e R14: 00007fe325304038 R15: 00007ffc42ec9e78 [ 519.065083][T11112] [ 519.071145][T11117] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 519.085255][T11112] ERROR: Out of memory at tomoyo_realpath_from_path. [ 519.513218][T11089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.552946][T11089] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.749565][T11125] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1630'. [ 519.771878][T11125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1630'. [ 519.777874][T11123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 519.814823][T11125] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1630'. [ 519.852728][T11089] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 519.858795][T11123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 519.882118][T11089] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.117105][ T5133] cdc_ncm 5-1:1.0: bind() failure [ 520.134316][ T5133] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 520.152859][ T5133] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 520.175537][ T5133] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 520.213679][ T5133] usb 5-1: USB disconnect, device number 26 [ 521.362031][T11148] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 521.458390][T11150] netlink: 'syz.3.1638': attribute type 4 has an invalid length. [ 521.553518][T11150] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1638'. [ 522.130078][T11166] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1642'. [ 522.163146][ T5133] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 522.179721][T11166] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1642'. [ 522.267874][T11166] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1642'. [ 522.377310][ T5133] usb 4-1: Using ep0 maxpacket: 32 [ 522.402085][ T5133] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 522.430667][ T5133] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 522.463357][ T5133] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 522.610851][ T5133] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 522.647158][ T5133] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 522.667725][T11174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 522.690593][ T5133] usb 4-1: Product: syz [ 522.694825][ T5133] usb 4-1: Manufacturer: syz [ 522.699465][ T5133] usb 4-1: SerialNumber: syz [ 522.722919][T11164] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 522.738389][T11174] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 522.767799][ T5133] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input26 [ 522.813518][T11179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 522.857204][ C1] appletouch 4-1:1.0: atp_complete: usb_submit_urb failed with result -1 [ 522.907653][T11179] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 522.951088][ T5134] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 523.150620][ T5134] usb 1-1: Using ep0 maxpacket: 32 [ 523.161020][ T5134] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 523.170491][ T5134] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.178610][ T5134] usb 1-1: Product: syz [ 523.183304][ T5134] usb 1-1: Manufacturer: syz [ 523.193444][ T5134] usb 1-1: SerialNumber: syz [ 523.204829][ T5134] usb 1-1: config 0 descriptor?? [ 523.417603][ T5134] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: failure sending bit rate [ 523.440466][ T5134] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 523.491613][ T5134] usb 1-1: USB disconnect, device number 42 [ 524.040128][ T5082] usb 4-1: USB disconnect, device number 44 [ 524.164870][ T5082] appletouch 4-1:1.0: input: appletouch disconnected [ 524.580098][T11195] netlink: 'syz.0.1652': attribute type 2 has an invalid length. [ 525.363945][ T5136] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 525.599643][ T5136] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 525.621032][ T5136] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 525.644610][ T5136] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 525.668198][ T5136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 525.687121][ T5136] usb 1-1: SerialNumber: syz [ 525.922129][ T5136] usb 1-1: 0:2 : does not exist [ 525.931584][ T5136] usb 1-1: unit 5 not found! [ 525.949270][ T5136] usb 1-1: USB disconnect, device number 43 [ 526.176675][T11217] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1657'. [ 526.203743][ T9324] udevd[9324]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 526.242259][T11217] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1657'. [ 526.405142][T11217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1657'. [ 526.435950][T11226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 526.586241][T11226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 527.263930][T11239] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1664'. [ 527.657367][ T5136] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 527.827022][T11256] capability: warning: `syz.2.1666' uses deprecated v2 capabilities in a way that may be insecure [ 528.069536][ T5136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.082805][ T5136] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.099332][ T5136] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00 [ 528.117957][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.135842][ T5136] usb 5-1: config 0 descriptor?? [ 528.626872][ T5136] usbhid 5-1:0.0: can't add hid device: -71 [ 528.654187][ T5136] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 528.700662][ T5136] usb 5-1: USB disconnect, device number 27 [ 529.873948][T11285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 529.946252][T11285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 530.266034][ T5133] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 530.486211][ T5133] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 530.509122][ T5133] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 530.535502][ T5133] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 530.550446][ T5133] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 530.586748][ T5133] usb 3-1: SerialNumber: syz [ 530.600418][ T45] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 530.809613][ T45] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 530.841655][ T5133] usb 3-1: 0:2 : does not exist [ 530.846843][ T5133] usb 3-1: unit 5 not found! [ 530.862904][ T45] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 530.900328][ T45] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 530.923540][ T45] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 530.932622][ T5133] usb 3-1: USB disconnect, device number 42 [ 530.949901][ T45] usb 2-1: SerialNumber: syz [ 531.180103][ T45] usb 2-1: 0:2 : does not exist [ 531.197840][ T45] usb 2-1: unit 5 not found! [ 531.215210][ T9324] udevd[9324]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 531.275420][ T45] usb 2-1: USB disconnect, device number 58 [ 531.545761][ T5184] udevd[5184]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 531.801857][ T5136] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 532.025082][ T5136] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 532.085746][ T5136] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.164580][ T5136] usb 4-1: config 0 descriptor?? [ 532.315271][T11336] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1689'. [ 532.332069][T11336] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1689'. [ 532.673266][T11343] syz.2.1691: attempt to access beyond end of device [ 532.673266][T11343] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 532.718301][T11344] syz.2.1691: attempt to access beyond end of device [ 532.718301][T11344] nbd2: rw=0, sector=0, nr_sectors = 1 limit=0 [ 533.725379][T11358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1696'. [ 533.879154][T11360] netlink: 'syz.0.1697': attribute type 2 has an invalid length. [ 533.907363][T11360] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1697'. [ 533.980383][T11358] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1696'. [ 534.076363][ T5136] pegasus 4-1:0.0: setup Pegasus II specific registers [ 534.272156][ T5136] pegasus 4-1:0.0: can't locate MII phy, using default [ 534.373007][ T5136] pegasus 4-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 8e:eb:45:3a:5e:f4 [ 534.425094][ T5136] usb 4-1: USB disconnect, device number 45 [ 534.575315][ T45] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 534.779676][ T45] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 534.792435][ T45] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 534.820767][ T45] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 534.831766][ T45] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 534.842511][ T45] usb 1-1: SerialNumber: syz [ 535.106309][ T45] usb 1-1: 0:2 : does not exist [ 535.117411][ T45] usb 1-1: unit 5 not found! [ 535.158327][ T45] usb 1-1: USB disconnect, device number 44 [ 535.428509][ T9324] udevd[9324]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 536.145513][T11396] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.387315][ T8] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 536.618907][ T8] usb 4-1: Using ep0 maxpacket: 32 [ 536.619921][T11406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1709'. [ 536.646575][ T8] usb 4-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 536.683094][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.716232][ T8] usb 4-1: Product: syz [ 536.743960][ T8] usb 4-1: Manufacturer: syz [ 536.745916][T11406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1709'. [ 536.770495][ T8] usb 4-1: SerialNumber: syz [ 536.797492][ T8] usb 4-1: config 0 descriptor?? [ 537.035565][ T8] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: failure sending bit rate [ 537.087696][ T8] RobotFuzz Open Source InterFace, OSIF 4-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 537.187334][ T8] usb 4-1: USB disconnect, device number 46 [ 537.877339][T11424] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 538.276252][T11432] netlink: 'syz.1.1715': attribute type 11 has an invalid length. [ 538.284795][T11432] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1715'. [ 538.331885][T11434] bridge0: port 2(bridge_slave_1) entered disabled state [ 538.541213][ T5082] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 538.790345][ T5082] usb 3-1: Using ep0 maxpacket: 16 [ 538.820371][ T5082] usb 3-1: config 0 has an invalid descriptor of length 56, skipping remainder of the config [ 538.863661][ T5082] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 538.909567][ T5082] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 538.953445][ T5082] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 538.995884][ T5082] usb 3-1: config 0 descriptor?? [ 539.060384][ T5082] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 539.296052][T11428] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1717'. [ 539.338721][T11447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1721'. [ 539.361281][ T5095] Bluetooth: hci1: command 0x0406 tx timeout [ 539.421569][T11447] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1721'. [ 539.730639][T11456] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1723'. [ 539.819104][T11456] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1723'. [ 540.245550][T11428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1717'. [ 540.271816][T11428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1717'. [ 540.334308][T11465] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 541.073918][T11428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 541.121331][T11467] FAULT_INJECTION: forcing a failure. [ 541.121331][T11467] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.144456][T11428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 541.166296][T11467] CPU: 0 PID: 11467 Comm: syz.3.1726 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 541.176530][T11467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 541.186613][T11467] Call Trace: [ 541.189951][T11467] [ 541.192896][T11467] dump_stack_lvl+0x241/0x360 [ 541.197654][T11467] ? __pfx_dump_stack_lvl+0x10/0x10 [ 541.202912][T11467] ? __pfx__printk+0x10/0x10 [ 541.207562][T11467] ? __pfx_lock_release+0x10/0x10 [ 541.212651][T11467] should_fail_ex+0x3b0/0x4e0 [ 541.217382][T11467] _copy_from_user+0x2f/0xe0 [ 541.222029][T11467] iommufd_fops_ioctl+0x47e/0x5a0 [ 541.227096][T11467] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 541.232704][T11467] ? bpf_lsm_file_ioctl+0x9/0x10 [ 541.237674][T11467] ? security_file_ioctl+0x87/0xb0 [ 541.242794][T11467] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 541.248349][T11467] __se_sys_ioctl+0xfc/0x170 [ 541.252958][T11467] do_syscall_64+0xf3/0x230 [ 541.257477][T11467] ? clear_bhb_loop+0x35/0x90 [ 541.262184][T11467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.268244][T11467] RIP: 0033:0x7fc7ecf75bd9 [ 541.272685][T11467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.292357][T11467] RSP: 002b:00007fc7edd5f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.300798][T11467] RAX: ffffffffffffffda RBX: 00007fc7ed103f60 RCX: 00007fc7ecf75bd9 [ 541.308793][T11467] RDX: 00000000200002c0 RSI: 0000000000003ba0 RDI: 0000000000000003 [ 541.316776][T11467] RBP: 00007fc7edd5f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 541.324758][T11467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.332746][T11467] R13: 000000000000000b R14: 00007fc7ed103f60 R15: 00007ffc3cfdcb88 [ 541.340761][T11467] [ 541.854718][ T4477] Bluetooth: hci0: unexpected event 0x17 length: 14 > 6 [ 541.961151][T11482] No such timeout policy "syz0" [ 542.640531][ T8] usb 3-1: USB disconnect, device number 43 [ 542.739355][ T5136] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 542.966413][ T5136] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 542.985739][ T5136] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 543.026031][ T5136] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 543.041948][ T5136] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.064645][ T5136] usb 5-1: Product: syz [ 543.088712][ T5136] usb 5-1: Manufacturer: syz [ 543.103731][ T5136] usb 5-1: SerialNumber: syz [ 543.142008][ T5136] cdc_ncm 5-1:1.0: skipping garbage [ 543.954429][T11488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 543.975979][T11488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 544.095753][T11498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1735'. [ 544.178101][T11498] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1735'. [ 544.356169][T11488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 544.366283][T11488] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 544.615105][ T5136] cdc_ncm 5-1:1.0: bind() failure [ 544.685382][ T5136] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 544.709045][ T5136] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 544.748644][ T5136] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 544.770893][ T5136] usb 5-1: USB disconnect, device number 28 [ 545.396074][T11524] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1742'. [ 545.509461][T11524] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1742'. [ 545.578267][T11524] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1742'. [ 545.592210][T11524] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1742'. [ 545.627775][T11527] tmpfs: Bad value for 'mpol' [ 545.731072][T11524] netlink: 'syz.2.1742': attribute type 1 has an invalid length. [ 545.742020][T11524] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1742'. [ 545.758245][T11524] sctp: [Deprecated]: syz.2.1742 (pid 11524) Use of struct sctp_assoc_value in delayed_ack socket option. [ 545.758245][T11524] Use struct sctp_sack_info instead [ 545.937626][ T5133] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 546.178874][ T5133] usb 1-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 546.248699][ T5133] usb 1-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 546.330384][ T5133] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 546.404763][ T5133] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.336757][ T4477] Bluetooth: hci1: unexpected event for opcode 0x0060 [ 548.299758][ T8] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 548.540092][ T8] usb 5-1: device descriptor read/64, error -71 [ 548.580820][ T5136] usb 1-1: USB disconnect, device number 45 [ 548.809149][T11554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 548.870404][ T8] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 548.975785][T11554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 549.062508][ T8] usb 5-1: device descriptor read/64, error -71 [ 549.192607][ T5095] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 549.203864][ T5095] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 549.230899][ T5095] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 549.291420][ T8] usb usb5-port1: attempt power cycle [ 549.309792][ T5095] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 549.318776][ T5095] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 549.333989][ T5095] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 549.721253][ T45] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 549.781163][ T8] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 549.830123][ T8] usb 5-1: device descriptor read/8, error -71 [ 549.974982][ T45] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 550.021698][ T45] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 550.041160][T11557] chnl_net:caif_netlink_parms(): no params data found [ 550.095785][ T45] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 550.126142][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.161693][ T8] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 550.164037][ T45] usb 3-1: Product: syz [ 550.230301][ T45] usb 3-1: Manufacturer: syz [ 550.245799][ T45] usb 3-1: SerialNumber: syz [ 550.246793][ T8] usb 5-1: device descriptor read/8, error -71 [ 550.309912][ T45] cdc_ncm 3-1:1.0: skipping garbage [ 550.422688][ T8] usb usb5-port1: unable to enumerate USB device [ 550.471869][ T5136] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 550.582367][ T5133] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 550.666795][ T5136] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 550.688454][ T5136] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 550.700191][T11557] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.713286][T11557] bridge0: port 1(bridge_slave_0) entered disabled state [ 550.744587][ T5136] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 550.761293][T11557] bridge_slave_0: entered allmulticast mode [ 550.774727][ T5136] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 550.803970][T11557] bridge_slave_0: entered promiscuous mode [ 550.815118][ T5136] usb 1-1: SerialNumber: syz [ 550.836631][T11557] bridge0: port 2(bridge_slave_1) entered blocking state [ 550.847371][ T5133] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 550.889746][ T5133] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 550.902860][T11557] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.940138][T11557] bridge_slave_1: entered allmulticast mode [ 550.946846][ T5133] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 550.979422][T11557] bridge_slave_1: entered promiscuous mode [ 550.986336][ T5133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 551.036084][ T5133] usb 4-1: SerialNumber: syz [ 551.122003][ T5136] usb 1-1: 0:2 : does not exist [ 551.137759][ T5136] usb 1-1: unit 5 not found! [ 551.211434][T11562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 551.238145][ T5136] usb 1-1: USB disconnect, device number 46 [ 551.264274][T11557] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 551.297546][T11562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 551.454686][ T5095] Bluetooth: hci7: command tx timeout [ 551.494718][T11557] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 551.579838][ T5133] usb 4-1: 0:2 : does not exist [ 551.604241][ T5133] usb 4-1: unit 5 not found! [ 551.670272][ T5133] usb 4-1: USB disconnect, device number 47 [ 551.732642][T11562] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 551.755697][T11557] team0: Port device team_slave_0 added [ 551.762455][T11562] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 551.883582][ T5184] udevd[5184]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 551.947155][T11557] team0: Port device team_slave_1 added [ 552.024442][ T5131] udevd[5131]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 552.170464][T11557] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 552.191712][T11557] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.285643][ T45] cdc_ncm 3-1:1.0: bind() failure [ 552.302009][ T45] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71 [ 552.335013][ T45] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71 [ 552.356772][ T45] usbtest 3-1:1.1: probe with driver usbtest failed with error -71 [ 552.367574][T11557] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 552.370065][ T45] usb 3-1: USB disconnect, device number 44 [ 552.466122][T11557] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 552.521179][T11557] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.645168][T11591] tmpfs: Bad value for 'mpol' [ 552.645573][T11557] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 552.954030][ T8] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 552.958700][ T5133] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 552.986531][T11557] hsr_slave_0: entered promiscuous mode [ 553.183355][T11557] hsr_slave_1: entered promiscuous mode [ 553.202877][T11557] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 553.231477][T11557] Cannot create hsr debugfs directory [ 553.286428][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 553.307756][ T5133] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 553.308843][ T8] usb 5-1: config 0 has an invalid descriptor of length 253, skipping remainder of the config [ 553.365049][ T5133] usb 4-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 553.400994][ T8] usb 5-1: New USB device found, idVendor=046d, idProduct=0721, bcdDevice=9c.25 [ 553.410411][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 553.437454][ T8] usb 5-1: Product: syz [ 553.445576][ T5133] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 553.452041][ T8] usb 5-1: Manufacturer: syz [ 553.459515][ T8] usb 5-1: SerialNumber: syz [ 553.485774][ T8] usb 5-1: config 0 descriptor?? [ 553.534942][ T5095] Bluetooth: hci7: command tx timeout [ 553.545282][ T5133] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.602735][T11557] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.697874][T11604] FAULT_INJECTION: forcing a failure. [ 554.697874][T11604] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 554.742327][T11604] CPU: 1 PID: 11604 Comm: syz.0.1763 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 554.752564][T11604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 554.762885][T11604] Call Trace: [ 554.766213][T11604] [ 554.769182][T11604] dump_stack_lvl+0x241/0x360 [ 554.773905][T11604] ? __pfx_dump_stack_lvl+0x10/0x10 [ 554.779149][T11604] ? __pfx__printk+0x10/0x10 [ 554.783782][T11604] ? __pfx_lock_release+0x10/0x10 [ 554.788856][T11604] should_fail_ex+0x3b0/0x4e0 [ 554.793741][T11604] _copy_from_user+0x2f/0xe0 [ 554.798511][T11604] copy_msghdr_from_user+0xae/0x680 [ 554.803768][T11604] ? timespec64_add_safe+0x1be/0x220 [ 554.809097][T11604] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 554.814952][T11604] do_recvmmsg+0x40f/0xae0 [ 554.819393][T11604] ? mark_lock+0x9a/0x350 [ 554.823755][T11604] ? __pfx_do_recvmmsg+0x10/0x10 [ 554.828741][T11604] ? __pfx___might_resched+0x10/0x10 [ 554.834040][T11604] ? __might_fault+0xaa/0x120 [ 554.838730][T11604] ? __pfx_lock_release+0x10/0x10 [ 554.843767][T11604] ? vfs_write+0x7c4/0xc90 [ 554.848241][T11604] ? get_timespec64+0x19c/0x280 [ 554.853134][T11604] __x64_sys_recvmmsg+0x1b8/0x250 [ 554.858202][T11604] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 554.863782][T11604] ? do_syscall_64+0x100/0x230 [ 554.868626][T11604] ? do_syscall_64+0xb6/0x230 [ 554.873334][T11604] do_syscall_64+0xf3/0x230 [ 554.877864][T11604] ? clear_bhb_loop+0x35/0x90 [ 554.882563][T11604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.888479][T11604] RIP: 0033:0x7f6a8fd75bd9 [ 554.892905][T11604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.912526][T11604] RSP: 002b:00007f6a90b79048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 554.920960][T11604] RAX: ffffffffffffffda RBX: 00007f6a8ff03f60 RCX: 00007f6a8fd75bd9 [ 554.928947][T11604] RDX: 04000000000003b4 RSI: 00000000200037c0 RDI: 0000000000000003 [ 554.936927][T11604] RBP: 00007f6a90b790a0 R08: 0000000020003700 R09: 0000000000000000 [ 554.944907][T11604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 554.952930][T11604] R13: 000000000000000b R14: 00007f6a8ff03f60 R15: 00007fff5b091568 [ 554.960929][T11604] [ 555.157642][T11557] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.452668][T11557] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.498203][ T5133] usb 4-1: USB disconnect, device number 48 [ 555.616641][ T5095] Bluetooth: hci7: command tx timeout [ 555.697205][ T8] usb 5-1: USB disconnect, device number 33 [ 555.864905][T11557] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.105920][T11619] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1768'. [ 556.117018][T11619] netlink: 'syz.4.1768': attribute type 3 has an invalid length. [ 556.273968][ T1088] macvlan2: left allmulticast mode [ 556.374064][ T1088] macvlan2: left promiscuous mode [ 556.402315][ T1088] bridge0: port 2(macvlan2) entered disabled state [ 556.416611][ T1088] bridge_slave_0: left allmulticast mode [ 556.442882][ T1088] bridge_slave_0: left promiscuous mode [ 556.467295][ T1088] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.877630][ T2955] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 557.090870][ T2955] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 557.121428][ T2955] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 557.161094][ T2955] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 557.178944][ T2955] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 557.183163][ T5134] usb 1-1: new full-speed USB device number 47 using dummy_hcd [ 557.198663][ T45] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 557.206466][ T2955] usb 5-1: SerialNumber: syz [ 557.210721][ T1088] bridge0 (unregistering): left allmulticast mode [ 557.401348][ T5134] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 557.409307][ T45] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 557.434767][ T5134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.444369][ T45] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 557.487416][ T45] usb 4-1: config 0 descriptor?? [ 557.487959][ T5134] usb 1-1: config 0 descriptor?? [ 557.503056][ T45] cp210x 4-1:0.0: cp210x converter detected [ 557.698881][ T5095] Bluetooth: hci7: command tx timeout [ 557.726448][ T1088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 557.862320][ T1088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 557.889190][ T1088] bond0 (unregistering): Released all slaves [ 558.000480][ T2955] usb 5-1: 0:2 : does not exist [ 558.016007][ T2955] usb 5-1: unit 5 not found! [ 558.031452][T11630] mkiss: ax0: crc mode is auto. [ 558.069879][ T1088] IPVS: stopping backup sync thread 10853 ... [ 558.078594][T11629] batman_adv: batadv0: Adding interface: macvlan2 [ 558.085105][ T2955] usb 5-1: USB disconnect, device number 34 [ 558.104060][T11629] batman_adv: batadv0: The MTU of interface macvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.131287][T11629] batman_adv: batadv0: Not using interface macvlan2 (retrying later): interface not active [ 558.449580][T11641] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 558.882534][ T1088] hsr_slave_0: left promiscuous mode [ 558.923187][ T1088] hsr_slave_1: left promiscuous mode [ 558.938187][ T1088] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 558.946437][ T1088] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 558.975473][ T1088] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 559.022282][ T1088] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 559.129914][ T1088] veth1_macvtap: left promiscuous mode [ 559.137063][ T1088] veth0_macvtap: left promiscuous mode [ 559.149036][ T1088] veth1_vlan: left promiscuous mode [ 559.155297][ T1088] veth0_vlan: left promiscuous mode [ 559.394656][T11648] tmpfs: Bad value for 'mpol' [ 559.530694][ T5134] pegasus 1-1:0.0: setup Pegasus II specific registers [ 559.655679][ T45] cp210x 4-1:0.0: failed to get vendor val 0x370c size 13: -71 [ 559.681379][ T5134] pegasus 1-1:0.0: can't locate MII phy, using default [ 559.694782][ T45] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 559.721383][ T5133] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 559.958596][ T45] usb 4-1: cp210x converter now attached to ttyUSB0 [ 559.984194][ T45] usb 4-1: USB disconnect, device number 49 [ 559.994273][ T45] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 560.005118][ T45] cp210x 4-1:0.0: device disconnected [ 560.136504][ T5133] usb 5-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 560.167349][ T5133] usb 5-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 560.198600][ T5133] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 560.233524][ T5133] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.815565][ T1088] team0 (unregistering): Port device team_slave_1 removed [ 562.012466][ T1088] team0 (unregistering): Port device team_slave_0 removed [ 562.235986][ T57] usb 5-1: USB disconnect, device number 35 [ 563.123930][ T5134] pegasus 1-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, a6:8f:d2:ea:c6:ff [ 563.162135][T11557] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 563.162478][ T5134] usb 1-1: USB disconnect, device number 47 [ 563.261612][T11557] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 563.362107][T11557] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 563.392007][T11674] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1782'. [ 563.410468][T11557] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 563.590352][ T9324] udevd[9324]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 563.608428][T11680] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 563.678857][T11674] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1782'. [ 563.814787][ T5134] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 564.077603][ T5134] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 564.088554][ T5134] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 564.119515][ T5134] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 564.153059][ T5134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 564.171261][ T5134] usb 1-1: SerialNumber: syz [ 564.226337][T11557] 8021q: adding VLAN 0 to HW filter on device bond0 [ 564.474115][ T1250] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.480884][ T1250] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.568451][T11557] 8021q: adding VLAN 0 to HW filter on device team0 [ 564.789190][ T5134] usb 1-1: 0:2 : does not exist [ 564.794850][ T5134] usb 1-1: unit 5 not found! [ 564.851888][ T5136] usb 3-1: new full-speed USB device number 45 using dummy_hcd [ 564.866468][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.873772][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 564.883445][ T5134] usb 1-1: USB disconnect, device number 48 [ 565.638038][ T5136] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 565.667659][ T5136] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 565.685461][ T5135] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.692741][ T5135] bridge0: port 2(bridge_slave_1) entered forwarding state [ 565.736181][ T5136] usb 3-1: config 0 descriptor?? [ 566.395079][ T5184] udevd[5184]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 566.542233][T11557] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 566.699705][T11557] veth0_vlan: entered promiscuous mode [ 566.729636][T11557] veth1_vlan: entered promiscuous mode [ 566.838470][T11557] veth0_macvtap: entered promiscuous mode [ 566.867561][T11557] veth1_macvtap: entered promiscuous mode [ 566.916898][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 566.936556][ T9] usb 5-1: new full-speed USB device number 36 using dummy_hcd [ 566.982103][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 566.997484][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.008992][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.022316][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.043423][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.066345][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.089686][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.100604][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.112227][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.123815][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.136277][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.152049][ T9] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 567.163414][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.168151][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.184516][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.202214][ T9] usb 5-1: config 0 descriptor?? [ 567.213089][T11557] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 567.267087][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.289672][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.326915][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.358176][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.374665][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.395835][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.416349][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.445764][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.457063][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.479716][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.503277][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.524367][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.566159][T11557] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.587918][T11557] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.618700][T11557] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 567.660055][T11557] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.670464][T11557] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.680247][T11557] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.706570][T11557] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.713472][ T5136] pegasus 3-1:0.0: setup Pegasus II specific registers [ 567.843284][ T45] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 567.869122][ T5136] pegasus 3-1:0.0: can't locate MII phy, using default [ 567.933769][ T5136] pegasus 3-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, ce:56:37:80:85:a7 [ 567.975519][ T5136] usb 3-1: USB disconnect, device number 45 [ 568.006025][ T6876] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.013970][ T6876] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.064959][ T45] usb 1-1: Using ep0 maxpacket: 32 [ 568.090098][ T45] usb 1-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15 [ 568.095134][ T1088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.099766][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.107928][ T1088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.135625][ T45] usb 1-1: Product: syz [ 568.145432][ T45] usb 1-1: Manufacturer: syz [ 568.152354][ T45] usb 1-1: SerialNumber: syz [ 568.167723][ T45] usb 1-1: config 0 descriptor?? [ 568.188012][ T5138] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 568.380865][ T5138] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 568.417554][ T45] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: failure sending bit rate [ 568.432805][ T5138] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 568.462326][ T45] RobotFuzz Open Source InterFace, OSIF 1-1:0.0: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 568.502269][ T5138] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 568.524205][ T5138] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.540469][ T45] usb 1-1: USB disconnect, device number 49 [ 568.557009][ T5138] usb 4-1: Product: syz [ 568.565049][ T5138] usb 4-1: Manufacturer: syz [ 568.571340][ T5138] usb 4-1: SerialNumber: syz [ 568.600715][ T5138] cdc_ncm 4-1:1.0: skipping garbage [ 569.649715][ T9] pegasus 5-1:0.0: setup Pegasus II specific registers [ 569.790756][ T9] pegasus 5-1:0.0: can't locate MII phy, using default [ 569.816337][T11727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 569.828682][ T9] pegasus 5-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 0e:45:3a:dc:aa:eb [ 569.842231][T11727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 569.915015][ T9] usb 5-1: USB disconnect, device number 36 [ 570.182719][T11753] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1803'. [ 570.199105][T11727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.210505][T11727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.636391][ T5138] cdc_ncm 4-1:1.0: bind() failure [ 570.685487][ T5138] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 570.742008][ T5138] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 570.798732][ T5138] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 570.909463][ T5138] usb 4-1: USB disconnect, device number 50 [ 570.996143][ T9] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 571.261040][ T9] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 571.287597][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 571.311325][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 571.352788][ T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 571.369905][ T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 571.388291][ T9] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 571.434216][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 571.460498][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.478675][ T9] usb 1-1: Product: syz [ 571.496420][ T9] usb 1-1: Manufacturer: syz [ 571.521922][ T9] usb 1-1: SerialNumber: syz [ 571.536478][T11775] mkiss: ax0: crc mode is auto. [ 571.559200][ T9] cdc_ncm 1-1:1.0: skipping garbage [ 571.844309][ T5134] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 571.932136][ T5138] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 572.056296][ T5134] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 572.093380][ T5134] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 572.104433][ T5134] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 572.131949][ T5134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 572.136087][ T5138] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 572.150860][ T5134] usb 4-1: SerialNumber: syz [ 572.203230][ T5138] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 572.260851][ T5138] usb 5-1: config 0 descriptor?? [ 572.295850][ T5138] cp210x 5-1:0.0: cp210x converter detected [ 572.399829][ T5134] usb 4-1: 0:2 : does not exist [ 572.417767][ T5134] usb 4-1: unit 5 not found! [ 572.419569][T11766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.460647][T11766] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.508254][ T5134] usb 4-1: USB disconnect, device number 51 [ 572.758992][ T9] cdc_ncm 1-1:1.0: bind() failure [ 572.759180][ T5138] usb 5-1: cp210x converter now attached to ttyUSB0 [ 572.799137][ T9] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71 [ 572.807936][ T5184] udevd[5184]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 573.185664][ T9] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71 [ 573.207697][ T9] usbtest 1-1:1.1: probe with driver usbtest failed with error -71 [ 573.239462][ T9] usb 1-1: USB disconnect, device number 50 [ 573.705926][T11797] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 573.803738][T11800] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1815'. [ 575.323144][ T5194] usb 5-1: USB disconnect, device number 37 [ 575.350339][ T5194] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 575.438278][ T35] macvlan4: left allmulticast mode [ 575.463041][ T35] macvlan4: left promiscuous mode [ 575.481760][T11829] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 575.501563][ T5194] cp210x 5-1:0.0: device disconnected [ 575.536643][ T35] bridge0: port 5(macvlan4) entered disabled state [ 575.640727][ T35] macvlan3: left allmulticast mode [ 575.664429][ T35] macvlan3: left promiscuous mode [ 575.696815][ T35] bridge0: port 4(macvlan3) entered disabled state [ 575.733024][ T35] macvlan2: left allmulticast mode [ 575.767805][ T35] macvlan2: left promiscuous mode [ 576.248714][ T35] bridge0: port 3(macvlan2) entered disabled state [ 576.296968][ T35] bridge_slave_1: left allmulticast mode [ 576.319280][ T35] bridge_slave_1: left promiscuous mode [ 576.325246][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.375805][ T35] bridge_slave_0: left allmulticast mode [ 576.388614][ T35] bridge_slave_0: left promiscuous mode [ 576.402126][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.918793][ T5134] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 577.077701][ T35] bridge0 (unregistering): left allmulticast mode [ 577.116299][ T5095] Bluetooth: hci7: command 0x0406 tx timeout [ 577.140780][ T5134] usb 4-1: Using ep0 maxpacket: 8 [ 577.158493][ T5134] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 577.168550][ T5134] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 577.195070][ T5134] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 577.205464][ T5134] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 577.218792][ T5134] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 577.235375][ T5134] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.348324][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 577.364856][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 577.389718][ T35] bond0 (unregistering): Released all slaves [ 577.405211][T11826] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 577.481913][ T5134] usb 4-1: GET_CAPABILITIES returned 0 [ 577.524516][ T5134] usbtmc 4-1:16.0: can't read capabilities [ 577.544942][ T35] : left promiscuous mode [ 577.638009][T11852] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.642561][ T5082] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 577.645956][T11852] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.712839][ T5138] usb 4-1: USB disconnect, device number 52 [ 577.715032][T11852] bridge0: left promiscuous mode [ 577.761077][ T5095] Bluetooth: hci7: SCO packet for unknown connection handle 0 [ 577.769111][ T35] IPVS: stopping backup sync thread 6142 ... [ 577.885033][ T5082] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 577.929208][ T5082] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 577.964641][ T5082] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 577.979514][ T5082] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 577.991031][ T5082] usb 1-1: SerialNumber: syz [ 578.113128][T11857] mkiss: ax0: crc mode is auto. [ 578.274116][ T5082] usb 1-1: 0:2 : does not exist [ 578.345544][ T5082] usb 1-1: unit 5 not found! [ 578.425013][ T5134] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 578.429888][ T5082] usb 1-1: USB disconnect, device number 51 [ 578.586601][ T35] hsr_slave_0: left promiscuous mode [ 578.616400][ T5134] usb 3-1: Using ep0 maxpacket: 16 [ 578.626936][ T35] hsr_slave_1: left promiscuous mode [ 578.634788][ T5134] usb 3-1: config 0 has an invalid descriptor of length 160, skipping remainder of the config [ 578.636530][ T5138] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 578.664530][ T5134] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 578.684958][ T5134] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 578.695665][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 578.704479][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 578.721706][ T5134] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 578.727920][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 578.766227][ T9324] udevd[9324]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 578.766789][ T5134] usb 3-1: config 0 descriptor?? [ 578.794275][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 578.832621][ T5134] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 578.893838][T11873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 578.993118][ T35] veth1_macvtap: left promiscuous mode [ 579.026676][ T5138] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 579.041561][ T35] veth0_macvtap: left promiscuous mode [ 579.054297][ T35] veth1_vlan: left promiscuous mode [ 579.059582][ T5138] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 579.077113][T11874] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 579.100863][ T5138] usb 5-1: config 0 descriptor?? [ 579.125392][ T35] veth0_vlan: left promiscuous mode [ 579.158575][ T5138] cp210x 5-1:0.0: cp210x converter detected [ 579.524567][T11862] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1835'. [ 580.008401][ T5138] usb 5-1: cp210x converter now attached to ttyUSB0 [ 580.494506][T11862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1835'. [ 580.552945][T11862] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1835'. [ 580.614660][T11862] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.642905][T11862] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.603248][ T35] team0 (unregistering): Port device team_slave_1 removed [ 581.686679][ T5134] usb 5-1: USB disconnect, device number 38 [ 581.722697][ T5134] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 581.734154][ T35] team0 (unregistering): Port device team_slave_0 removed [ 581.773309][ T5134] cp210x 5-1:0.0: device disconnected [ 581.789628][ T5095] Bluetooth: hci7: Controller not accepting commands anymore: ncmd = 0 [ 581.798802][ T5095] Bluetooth: hci7: Injecting HCI hardware error event [ 581.808193][ T5095] Bluetooth: hci7: hardware error 0x00 [ 582.118049][ T5134] usb 3-1: USB disconnect, device number 46 [ 582.266213][T11902] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xd [ 582.560021][T11905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1843'. [ 582.718892][T11905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1843'. [ 583.075335][ T2955] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 583.286870][ T2955] usb 2-1: Using ep0 maxpacket: 8 [ 583.296710][ T5138] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 583.313197][ T2955] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 583.332750][ T2955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 583.350520][ T2955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 583.366738][ T2955] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 583.385782][ T2955] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 583.395878][ T2955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.508339][ T5138] usb 3-1: Using ep0 maxpacket: 16 [ 583.528823][ T5138] usb 3-1: config 0 has an invalid descriptor of length 56, skipping remainder of the config [ 583.557102][ T5138] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 583.584756][ T5138] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 583.594986][ T5138] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.619138][ T5138] usb 3-1: config 0 descriptor?? [ 583.633038][ T2955] usb 2-1: GET_CAPABILITIES returned 0 [ 583.644745][ T5138] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 583.652491][ T2955] usbtmc 2-1:16.0: can't read capabilities [ 583.876540][ T5134] usb 2-1: USB disconnect, device number 59 [ 583.881418][ T5095] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 584.033399][T11935] fuse: Bad value for 'fd' [ 584.046705][T11937] bridge0: port 2(bridge_slave_1) entered disabled state [ 584.054608][T11937] bridge0: port 1(bridge_slave_0) entered disabled state [ 584.651697][T11919] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1848'. [ 585.304188][T11948] tmpfs: Bad value for 'mpol' [ 585.634143][ T9] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 585.741207][T11962] mkiss: ax0: crc mode is auto. [ 585.858421][ T9] usb 1-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 585.901367][ T9] usb 1-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 585.923832][ T9] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 585.939450][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.161195][ T5138] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 586.180657][ T9] usb 1-1: USB disconnect, device number 52 [ 586.404164][ T5138] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 586.449156][ T5138] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.474372][ T5138] usb 4-1: config 0 descriptor?? [ 586.493691][ T5138] cp210x 4-1:0.0: cp210x converter detected [ 586.548152][T11971] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1861'. [ 586.593820][T11974] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1862'. [ 586.616187][T11952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1848'. [ 586.621941][T11971] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1861'. [ 586.659810][T11952] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1848'. [ 586.718676][T11976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 586.781515][T11976] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 586.942904][ T5138] usb 4-1: cp210x converter now attached to ttyUSB0 [ 587.015038][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1863'. [ 587.103139][T11978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1863'. [ 588.002905][T11997] No such timeout policy "syz0" [ 588.398152][ T2955] usb 3-1: USB disconnect, device number 47 [ 589.392572][ T9] usb 4-1: USB disconnect, device number 53 [ 589.404602][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 589.545182][ T9] cp210x 4-1:0.0: device disconnected [ 589.668676][ T5095] Bluetooth: hci1: unexpected event 0x17 length: 14 > 6 [ 590.223304][ T9] usb 4-1: new low-speed USB device number 54 using dummy_hcd [ 590.491616][ T9] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 590.529514][ T9] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 590.623397][ T9] usb 4-1: config 0 has no interface number 0 [ 590.657513][ T9] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid maxpacket 65535, setting to 8 [ 590.686819][ T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 590.711842][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 590.749160][ T9] usb 4-1: config 0 descriptor?? [ 590.784321][T12024] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 590.846270][T12034] tmpfs: Bad value for 'mpol' [ 591.084686][T12037] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1874'. [ 591.142103][ T5194] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 591.250583][T12037] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1874'. [ 591.375092][ T5194] usb 3-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 591.406129][ T5194] usb 3-1: config 17 has 0 interfaces, different from the descriptor's value: 1 [ 591.462676][ T5194] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 591.470297][ T9] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input28 [ 591.492889][ T5194] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 591.569767][T12043] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1876'. [ 591.621201][ C0] ------------[ cut here ]------------ [ 591.628864][ C0] WARNING: CPU: 0 PID: 12043 at kernel/kcov.c:871 kcov_remote_start+0x5a2/0x7e0 [ 591.637962][ C0] Modules linked in: [ 591.641897][ C0] CPU: 0 PID: 12043 Comm: syz.0.1876 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 591.652082][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 591.662170][ C0] RIP: 0010:kcov_remote_start+0x5a2/0x7e0 [ 591.667933][ C0] Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 56 1e e7 09 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 e0 [ 591.687595][ C0] RSP: 0018:ffffc90000007030 EFLAGS: 00010002 [ 591.693812][ C0] RAX: 0000000080010101 RBX: ffff888020d89e00 RCX: 0000000000000002 [ 591.701807][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1f15c0 [ 591.709798][ C0] RBP: 0100000000000004 R08: ffffffff92f715f7 R09: 1ffffffff25ee2be [ 591.717783][ C0] R10: dffffc0000000000 R11: fffffbfff25ee2bf R12: ffffffff8196306e [ 591.725767][ C0] R13: ffff888020e01900 R14: 0000000000000006 R15: ffff8880b942d4c8 [ 591.733745][ C0] FS: 00007f6a90b796c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 591.742682][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 591.749272][ C0] CR2: 0000000020085000 CR3: 000000007c776000 CR4: 00000000003506f0 [ 591.757261][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 591.765255][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 591.773256][ C0] Call Trace: [ 591.776544][ C0] [ 591.779409][ C0] ? __warn+0x163/0x4e0 [ 591.783588][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 591.788716][ C0] ? report_bug+0x2b3/0x500 [ 591.793236][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 591.798361][ C0] ? handle_bug+0x3e/0x70 [ 591.802723][ C0] ? exc_invalid_op+0x1a/0x50 [ 591.807411][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 591.812451][ C0] ? kcov_remote_start+0x9e/0x7e0 [ 591.817491][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 591.822612][ C0] ? usb_unanchor_urb+0xa3/0xc0 [ 591.827478][ C0] ? usb_anchor_suspend_wakeups+0x3a/0x40 [ 591.833223][ C0] __usb_hcd_giveback_urb+0x405/0x6e0 [ 591.838614][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 591.844525][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 591.849781][ C0] dummy_timer+0x830/0x45d0 [ 591.854323][ C0] ? __pfx_lock_release+0x10/0x10 [ 591.859397][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 591.865778][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 591.871296][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 591.876566][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 591.881537][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 591.886495][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 591.891738][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 591.897500][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 591.903600][ C0] hrtimer_interrupt+0x396/0x990 [ 591.908590][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 591.914623][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 591.920280][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 591.926284][ C0] RIP: 0010:ieee80211_get_bssid+0xea/0x1f0 [ 591.932102][ C0] Code: fc 00 00 00 bf 1c 00 00 00 89 ee e8 00 6f 9c f6 66 83 fd 1c 75 11 e8 55 6b 9c f6 eb 52 e8 4e 6b 9c f6 45 31 f6 eb 4c 48 89 df <48> c7 c6 20 39 85 8f e8 ba 70 9c f6 66 85 db 74 48 0f b7 c3 83 f8 [ 591.951731][ C0] RSP: 0018:ffffc900000077d0 EFLAGS: 00000297 [ 591.957812][ C0] RAX: 0000000000000002 RBX: 0000000000000000 RCX: dffffc0000000000 [ 591.965795][ C0] RDX: ffff888020d89e00 RSI: 0000000000000000 RDI: 0000000000000000 [ 591.973784][ C0] RBP: 0000000000000000 R08: ffffffff8af9bb60 R09: 1ffffffff1f583a5 [ 591.981863][ C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: 000000000000003e [ 591.989876][ C0] R13: dffffc0000000000 R14: ffff88807707b340 R15: 0000000000000001 [ 591.997876][ C0] ? ieee80211_get_bssid+0xd0/0x1f0 [ 592.003103][ C0] ieee80211_prepare_and_rx_handle+0x624/0x6360 [ 592.009466][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.014507][ C0] ? __pfx_ieee80211_prepare_and_rx_handle+0x10/0x10 [ 592.021206][ C0] ? sta_info_get_bss+0x50/0x320 [ 592.026153][ C0] ? sta_info_get_bss+0x2c8/0x320 [ 592.031274][ C0] ? sta_info_get_bss+0x50/0x320 [ 592.036220][ C0] ? ieee80211_rx_for_interface+0x304/0x3d0 [ 592.042145][ C0] ieee80211_rx_list+0x2cde/0x3780 [ 592.047276][ C0] ? __lock_acquire+0x1346/0x1fd0 [ 592.052322][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 592.057807][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 592.062844][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.068837][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.075189][ C0] ? ieee80211_rx_napi+0xd6/0x3c0 [ 592.080236][ C0] ieee80211_rx_napi+0x18a/0x3c0 [ 592.085193][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 592.091545][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 592.097026][ C0] ? skb_dequeue+0x113/0x150 [ 592.101628][ C0] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 592.107631][ C0] tasklet_action_common+0x321/0x4d0 [ 592.112933][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 592.118749][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.125091][ C0] ? workqueue_softirq_action+0xca/0x140 [ 592.130746][ C0] handle_softirqs+0x2c4/0x970 [ 592.135520][ C0] ? do_softirq+0x11b/0x1e0 [ 592.140035][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 592.145348][ C0] do_softirq+0x11b/0x1e0 [ 592.149686][ C0] [ 592.152620][ C0] [ 592.155557][ C0] ? __pfx_do_softirq+0x10/0x10 [ 592.160416][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 592.166064][ C0] ? rcu_is_watching+0x15/0xb0 [ 592.170848][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 592.176055][ C0] ? ieee80211_xmit+0x30f/0x3f0 [ 592.180924][ C0] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 592.187011][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 592.192745][ C0] ? __ieee80211_tx_skb_tid_band+0x4e2/0x610 [ 592.198744][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 592.204044][ C0] ieee80211_tx_skb_tid+0x264/0x420 [ 592.209258][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 592.214586][ C0] ieee80211_mgmt_tx+0x1b46/0x2170 [ 592.219723][ C0] ? trace_kmalloc+0x1f/0xd0 [ 592.224340][ C0] ? ieee80211_mgmt_tx+0xa2e/0x2170 [ 592.229554][ C0] cfg80211_mlme_mgmt_tx+0x950/0x16a0 [ 592.234950][ C0] nl80211_tx_mgmt+0xb0d/0x1190 [ 592.239821][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 592.245117][ C0] ? __pfx_netdev_run_todo+0x10/0x10 [ 592.250445][ C0] genl_rcv_msg+0xb14/0xec0 [ 592.254960][ C0] ? mark_lock+0x9a/0x350 [ 592.259310][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 592.264366][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 592.269403][ C0] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 592.274796][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 592.280095][ C0] ? __pfx_nl80211_post_doit+0x10/0x10 [ 592.285580][ C0] ? __pfx___might_resched+0x10/0x10 [ 592.290893][ C0] netlink_rcv_skb+0x1e3/0x430 [ 592.295674][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 592.300710][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 592.306023][ C0] ? __netlink_deliver_tap+0x77e/0x7c0 [ 592.311510][ C0] genl_rcv+0x28/0x40 [ 592.315586][ C0] netlink_unicast+0x7ea/0x980 [ 592.320371][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 592.325685][ C0] ? __virt_addr_valid+0x183/0x520 [ 592.330815][ C0] ? __check_object_size+0x49c/0x900 [ 592.336114][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 592.341249][ C0] netlink_sendmsg+0x8db/0xcb0 [ 592.346040][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.351341][ C0] ? __import_iovec+0x536/0x820 [ 592.356214][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 592.361507][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 592.367000][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 592.372300][ C0] __sock_sendmsg+0x221/0x270 [ 592.376989][ C0] ____sys_sendmsg+0x525/0x7d0 [ 592.381781][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 592.387102][ C0] __sys_sendmsg+0x2b0/0x3a0 [ 592.391710][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 592.396874][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.403214][ C0] ? do_syscall_64+0x100/0x230 [ 592.408005][ C0] ? do_syscall_64+0xb6/0x230 [ 592.412700][ C0] do_syscall_64+0xf3/0x230 [ 592.417219][ C0] ? clear_bhb_loop+0x35/0x90 [ 592.421916][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 592.427825][ C0] RIP: 0033:0x7f6a8fd75bd9 [ 592.432255][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 592.451870][ C0] RSP: 002b:00007f6a90b79048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 592.460296][ C0] RAX: ffffffffffffffda RBX: 00007f6a8ff03f60 RCX: 00007f6a8fd75bd9 [ 592.468275][ C0] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000007 [ 592.476253][ C0] RBP: 00007f6a8fde4e60 R08: 0000000000000000 R09: 0000000000000000 [ 592.484235][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 592.492241][ C0] R13: 000000000000000b R14: 00007f6a8ff03f60 R15: 00007fff5b091568 [ 592.500239][ C0] [ 592.503267][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 592.510552][ C0] CPU: 0 PID: 12043 Comm: syz.0.1876 Not tainted 6.10.0-rc7-syzkaller-00003-g4376e966ecb7 #0 [ 592.520708][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 592.530769][ C0] Call Trace: [ 592.534055][ C0] [ 592.536903][ C0] dump_stack_lvl+0x241/0x360 [ 592.541604][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 592.546822][ C0] ? __pfx__printk+0x10/0x10 [ 592.551456][ C0] ? _printk+0xd5/0x120 [ 592.555636][ C0] ? vscnprintf+0x5d/0x90 [ 592.559973][ C0] panic+0x349/0x860 [ 592.563884][ C0] ? __warn+0x172/0x4e0 [ 592.568054][ C0] ? __pfx_panic+0x10/0x10 [ 592.572485][ C0] ? show_trace_log_lvl+0x4e6/0x520 [ 592.577716][ C0] __warn+0x346/0x4e0 [ 592.581717][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 592.586846][ C0] report_bug+0x2b3/0x500 [ 592.591207][ C0] ? kcov_remote_start+0x5a2/0x7e0 [ 592.596356][ C0] handle_bug+0x3e/0x70 [ 592.600541][ C0] exc_invalid_op+0x1a/0x50 [ 592.605055][ C0] asm_exc_invalid_op+0x1a/0x20 [ 592.609920][ C0] RIP: 0010:kcov_remote_start+0x5a2/0x7e0 [ 592.615673][ C0] Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 56 1e e7 09 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 e0 [ 592.635311][ C0] RSP: 0018:ffffc90000007030 EFLAGS: 00010002 [ 592.641402][ C0] RAX: 0000000080010101 RBX: ffff888020d89e00 RCX: 0000000000000002 [ 592.649383][ C0] RDX: dffffc0000000000 RSI: ffffffff8bcaccc0 RDI: ffffffff8c1f15c0 [ 592.657365][ C0] RBP: 0100000000000004 R08: ffffffff92f715f7 R09: 1ffffffff25ee2be [ 592.665348][ C0] R10: dffffc0000000000 R11: fffffbfff25ee2bf R12: ffffffff8196306e [ 592.673347][ C0] R13: ffff888020e01900 R14: 0000000000000006 R15: ffff8880b942d4c8 [ 592.681330][ C0] ? kcov_remote_start+0x9e/0x7e0 [ 592.686387][ C0] ? usb_unanchor_urb+0xa3/0xc0 [ 592.691275][ C0] ? usb_anchor_suspend_wakeups+0x3a/0x40 [ 592.697051][ C0] __usb_hcd_giveback_urb+0x405/0x6e0 [ 592.702459][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 592.708380][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 592.713610][ C0] dummy_timer+0x830/0x45d0 [ 592.718137][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.723192][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 592.729558][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 592.734961][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 592.740188][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 592.745146][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 592.750172][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 592.755454][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 592.761205][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 592.767296][ C0] hrtimer_interrupt+0x396/0x990 [ 592.772278][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 592.778287][ C0] sysvec_apic_timer_interrupt+0x52/0xc0 [ 592.783940][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 592.789938][ C0] RIP: 0010:ieee80211_get_bssid+0xea/0x1f0 [ 592.795775][ C0] Code: fc 00 00 00 bf 1c 00 00 00 89 ee e8 00 6f 9c f6 66 83 fd 1c 75 11 e8 55 6b 9c f6 eb 52 e8 4e 6b 9c f6 45 31 f6 eb 4c 48 89 df <48> c7 c6 20 39 85 8f e8 ba 70 9c f6 66 85 db 74 48 0f b7 c3 83 f8 [ 592.815414][ C0] RSP: 0018:ffffc900000077d0 EFLAGS: 00000297 [ 592.821504][ C0] RAX: 0000000000000002 RBX: 0000000000000000 RCX: dffffc0000000000 [ 592.829486][ C0] RDX: ffff888020d89e00 RSI: 0000000000000000 RDI: 0000000000000000 [ 592.837466][ C0] RBP: 0000000000000000 R08: ffffffff8af9bb60 R09: 1ffffffff1f583a5 [ 592.845450][ C0] R10: dffffc0000000000 R11: fffffbfff1f583a6 R12: 000000000000003e [ 592.853429][ C0] R13: dffffc0000000000 R14: ffff88807707b340 R15: 0000000000000001 [ 592.861416][ C0] ? ieee80211_get_bssid+0xd0/0x1f0 [ 592.866641][ C0] ieee80211_prepare_and_rx_handle+0x624/0x6360 [ 592.872920][ C0] ? __pfx_lock_release+0x10/0x10 [ 592.877963][ C0] ? __pfx_ieee80211_prepare_and_rx_handle+0x10/0x10 [ 592.884651][ C0] ? sta_info_get_bss+0x50/0x320 [ 592.889619][ C0] ? sta_info_get_bss+0x2c8/0x320 [ 592.894659][ C0] ? sta_info_get_bss+0x50/0x320 [ 592.899627][ C0] ? ieee80211_rx_for_interface+0x304/0x3d0 [ 592.905542][ C0] ieee80211_rx_list+0x2cde/0x3780 [ 592.910675][ C0] ? __lock_acquire+0x1346/0x1fd0 [ 592.915722][ C0] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 592.921207][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 592.926244][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 592.932234][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.938579][ C0] ? ieee80211_rx_napi+0xd6/0x3c0 [ 592.943620][ C0] ieee80211_rx_napi+0x18a/0x3c0 [ 592.948574][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 592.954943][ C0] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 592.960427][ C0] ? skb_dequeue+0x113/0x150 [ 592.965031][ C0] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 592.971031][ C0] tasklet_action_common+0x321/0x4d0 [ 592.976337][ C0] ? __pfx_tasklet_action_common+0x10/0x10 [ 592.982158][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 592.988501][ C0] ? workqueue_softirq_action+0xca/0x140 [ 592.994168][ C0] handle_softirqs+0x2c4/0x970 [ 592.998949][ C0] ? do_softirq+0x11b/0x1e0 [ 593.003463][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 593.008771][ C0] do_softirq+0x11b/0x1e0 [ 593.013142][ C0] [ 593.016116][ C0] [ 593.019055][ C0] ? __pfx_do_softirq+0x10/0x10 [ 593.023933][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 593.029584][ C0] ? rcu_is_watching+0x15/0xb0 [ 593.034364][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 593.039571][ C0] ? ieee80211_xmit+0x30f/0x3f0 [ 593.044517][ C0] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 593.050511][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 593.056258][ C0] ? __ieee80211_tx_skb_tid_band+0x4e2/0x610 [ 593.062257][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 593.067554][ C0] ieee80211_tx_skb_tid+0x264/0x420 [ 593.072765][ C0] ? ieee80211_tx_skb_tid+0x30/0x420 [ 593.078070][ C0] ieee80211_mgmt_tx+0x1b46/0x2170 [ 593.083188][ C0] ? trace_kmalloc+0x1f/0xd0 [ 593.087798][ C0] ? ieee80211_mgmt_tx+0xa2e/0x2170 [ 593.093007][ C0] cfg80211_mlme_mgmt_tx+0x950/0x16a0 [ 593.098401][ C0] nl80211_tx_mgmt+0xb0d/0x1190 [ 593.103270][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 593.108571][ C0] ? __pfx_netdev_run_todo+0x10/0x10 [ 593.113894][ C0] genl_rcv_msg+0xb14/0xec0 [ 593.118405][ C0] ? mark_lock+0x9a/0x350 [ 593.122756][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 593.127814][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 593.132845][ C0] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 593.138232][ C0] ? __pfx_nl80211_tx_mgmt+0x10/0x10 [ 593.143545][ C0] ? __pfx_nl80211_post_doit+0x10/0x10 [ 593.149023][ C0] ? __pfx___might_resched+0x10/0x10 [ 593.154332][ C0] netlink_rcv_skb+0x1e3/0x430 [ 593.159142][ C0] ? __pfx_genl_rcv_msg+0x10/0x10 [ 593.164177][ C0] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 593.169490][ C0] ? __netlink_deliver_tap+0x77e/0x7c0 [ 593.174974][ C0] genl_rcv+0x28/0x40 [ 593.178969][ C0] netlink_unicast+0x7ea/0x980 [ 593.183756][ C0] ? __pfx_netlink_unicast+0x10/0x10 [ 593.189052][ C0] ? __virt_addr_valid+0x183/0x520 [ 593.194200][ C0] ? __check_object_size+0x49c/0x900 [ 593.199493][ C0] ? bpf_lsm_netlink_send+0x9/0x10 [ 593.204629][ C0] netlink_sendmsg+0x8db/0xcb0 [ 593.209426][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.214729][ C0] ? __import_iovec+0x536/0x820 [ 593.219591][ C0] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 593.224881][ C0] ? security_socket_sendmsg+0x87/0xb0 [ 593.230363][ C0] ? __pfx_netlink_sendmsg+0x10/0x10 [ 593.235662][ C0] __sock_sendmsg+0x221/0x270 [ 593.240348][ C0] ____sys_sendmsg+0x525/0x7d0 [ 593.245159][ C0] ? __pfx_____sys_sendmsg+0x10/0x10 [ 593.250476][ C0] __sys_sendmsg+0x2b0/0x3a0 [ 593.255090][ C0] ? __pfx___sys_sendmsg+0x10/0x10 [ 593.260255][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 593.266592][ C0] ? do_syscall_64+0x100/0x230 [ 593.271374][ C0] ? do_syscall_64+0xb6/0x230 [ 593.276069][ C0] do_syscall_64+0xf3/0x230 [ 593.280593][ C0] ? clear_bhb_loop+0x35/0x90 [ 593.285292][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 593.291200][ C0] RIP: 0033:0x7f6a8fd75bd9 [ 593.295624][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 593.315243][ C0] RSP: 002b:00007f6a90b79048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 593.323696][ C0] RAX: ffffffffffffffda RBX: 00007f6a8ff03f60 RCX: 00007f6a8fd75bd9 [ 593.331676][ C0] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000007 [ 593.339669][ C0] RBP: 00007f6a8fde4e60 R08: 0000000000000000 R09: 0000000000000000 [ 593.347665][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 593.355660][ C0] R13: 000000000000000b R14: 00007f6a8ff03f60 R15: 00007fff5b091568 [ 593.363673][ C0] [ 593.367044][ C0] Kernel Offset: disabled [ 593.371474][ C0] Rebooting in 86400 seconds..