last executing test programs: 8.967315685s ago: executing program 0 (id=1741): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00') getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}}) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x278, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_cake={{0x9}, {0x3c, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x56}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x3}, @TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x4}]}}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x278}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket(0x840000000002, 0x3, 0x104) connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10) sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0) 8.597092183s ago: executing program 0 (id=1744): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x350, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x334, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x8c, {0x0, 0x0, 0x0, "9af6da3eccb31dfdb01e6e7177c98c64430a038b1a5dfa035ea7a9381b60d5573f7a471f2255656c6fda4f9fe2a1cefb7e307f95a05deb88da8d6767435855a59a04759977ef1cf00cf302f452d67e80c72e836d0cfcfd95ca366d0e284f1c03058e40a2283bb06b723df5c6eef98646cae544fd4eebdf5effc6f1ba5debee4b327b12000000000000"}}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0xb, "0da71e815422994325dfec"}, {0xdd, 0x63, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eab"}, {0xdd, 0x6, "4f3fef835ea8"}]}}]}, 0x350}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}}) r4 = memfd_secret(0x0) syz_io_uring_submit(0x0, 0x0, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5393, &(0x7f0000000000)) socket$caif_stream(0x25, 0x1, 0x1000004) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) socket$inet6(0xa, 0x800, 0xfffffffb) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$kcm(r7, &(0x7f0000000480)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @random="22b7a92a69ce", 'wg0\x00'}}, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="d0000000000000002001000007000000da6549b5de4971c1f4fcd2eb9cfa3ab52ed1fe6329fae4aee911455e449dfe20283d77238a75bd5f5fa840a61faf9f587c8bf90909ba75f22fa94c41ee0937f04429acb0271f97dbc683bf53728efd13778054968914b2a91435c00968d0709c41837fda9051f9b722896149001f2e9319a66e02c2ffc085feab48c680fc6a474512921290f0b1380d05a8e4db4403a58ee96e48299753393cb275934d125e7ec01f48193c9f81f436175393032e948e8f47689588a3e0ad57d1c00000000000c80000000000000013010000550000000852263366650c27d7398280597612a9757c20543f7671e0d77a5f462bf9bfbafdd5ffb1beccf5484a9faf66897e69a711ab7ffcc43ec6372a0887ad07291b5b28c83dade4f8761f7bdd264d34a25008b4cec43276b0f67dc917f01ca578064d3587e4b11253c546a0e05b4635a36ad5d0266f588c29080c9dec8ccdb7c03f91837433fcee2458e3496b701f82a15674ab801397bafff2ee80fca2390089421e11323f4da1aba46b85f0efff4ecf2819f9af1fec00000000101000000000000011010000010400001f1da4def05bbd84c17294e9efb4c86533a7c8c46bad0b5621596d2c1bb6badb05294ee938f6e451df0837a61d8c19c62e5edfc65f91e7d6cdfa39f7c7315bb1c18154b954c81735ef30a5b8ef9148f750655045725807e399f52d8924d98334611ea68a234a65b8e673bf5165cc8e0e406695cb069ce6c6e0439b7e87d2e7278707b4b9022dc0098e7a7aab2ad2b3a2dcca3a11d558f23adb4cb3597f06ea063b99775d2dac52793ad2ba095bb7bc48fe4d371541f3abc8b062c627664efce675a64050a901538567b28b00426699f678a08d4052b1df334892204f68f3634b717d6bb092f4b420c07e5fcc33e5372c2f569083eaa0cbcca8fc147a750b2f88c239553f9c2aeb033702ce04790648bdc66c5e93e8284c01ae6d23bc09878f8ee9f3fb3a5368c182d676f0f641ce60cf10c533b6b9a99325d55ee2c7f717433b508fa7dfe58d25017d3bfdfbf687b65a5c0947d4b5bf0f5c48814236a8a1ca56fdf94a2c8a76fe95cc073d56207712c0e6d6b1f49d81c826d82e8dfcf0e6c0c42593fa98fa9a2a760d48d824214abdccd2403f9668803ff848d1ed0574eced50a725fde50887bbf502fea076e27fca745ecd0cd091b060835ceeb6d49f8c29f49918e6031b72b91efefef6e1363cf66760c950a5cff50d92f4a2048e70387d8eef60932a5ec1c1bfb64e7138c8d05b106fe055f1b9fb171a35b0e26088727d37b19b054439326db41407a3d6b0e66cad04434a1ddfe0ffae3192e269a43688f0c4cf85c5b897cc32fa694cb7410b956c1f8ca55d60fc3b0ffc8ab5394557417f79aff18084ec71024f12d4625e141816c45e319720303cea707c32726b3a2ec578fa8e5285a4d67701e838307343d0cfdc6b32eb7106fefec5beb5d996cd20ef3934590ddb5317e934c0eaea82d2a82e0fd5ab880aadef230559592ae270f871463f9f557c1a41c04d0225b61caadb1df55f148e2e00d821464871f97ec518c0a1e8f1e553c6117e2ae611003958739db3eb7eb2912ab220b3c90593c8fc1c3903de51228df77d1547ada4324f79c6f8099a8a65dd009d8cf9c724c92b02aca8c3c85f5cdbc036b19193de8fb302ac4ff2bbf6bc018231bbec294996827996ce742ca9981ac656a5ef813be4bc299e3b7bc512eb5eae106cc03abbfe977454288d6ef598c1ab6db87aad1daaee6618bfde45e3d6b8b01bc893d3fd742d2bbd142a3fd33cc6a8f27540af185c5d6f7130937d73949b426b43d694d1617d75f23ef29874b97a00f0f1f900121e9b18a496e03075276dab63dd1deb7a937ea8a70710d7ccc2cb46fe7fcae43ee74fe3ee346e4236270cd7764a0822b7e4c579f35d602c08b65985fdd16b72d3e7f7139120fef80869f714ace8301e8492c95f30a12bb0dc6473564f451a4bc4a0be3e0a641227ffb9a2ccf0c5e635b2191e3cc96e1d068093ed99f6a08b9a3e0649f6760b75d098f10c3c43929f47687d1cdcf64668d8be122ebaa02fb9e20b7fd279e1f698c4d1798d28584a48f410ab1c3ab78d9b0eef70ad206ec6bb327383cff285c409e35faf94d9c6a3695d0da61c6c9dc95ae48a1d09256430d036aaae5a9ad8c157745cb31dc55724072318bd93e65f360018432c2c677565ad224c126d13e211ca98f6d4b6b50fec7caf3a5776dd971d46d1b0f913dfaeb3eff14dd8a896be6c65416eecf308316efcfc57aa217da9662efd94bbcce34e783340532b289649cfc8921779bd5783c390214c69b41703cb555706e4bc0ffee1a81b090665718d4076d638e6126279559e7476a611b6af51a4b17d7cd3e48d3dc70cebcfc4f95abfce3294af93c5ba3ce8fc94bccb62b618f367b5ecb71dba6d79b147a1d58f7aaa31e68b503ce0db54f9be75d37ceeb2e4d4e9e65f700a3ea0f8ed265f24e332c0282674cd714aad678ddffc9f867b9a488d693f3b70cb8a573647ecc1a8c9bc908551a08b9f3ae0505919cc2c27f1684ced010c7779736b47a64207d5e63122dbfc1304a2db3cd435a06921e386c13b7080c031b880236e8a99995928bd8e9c766329a768aa2fa74186ed667b0365aae9ab397e3495e67d711d1559b51993ae3ce3a2912ffe3727250d04a2d0a11ad43c683d4c927aad487cc4a240e78259aee3fbca7e739020ec1bcd22ae87ae0c789e174399042c10e2443add5bc589ffea1e94dbd98a534a2f95607ff0b149b757baebd6e8ee34919726afbbe38bcf5d83b511fcd1ac016405eb8cfd4410010530a55b0e4bffa78c26f5a0bd5f34128752c40cd4a3892c60d024d5ab06449cee5250c6a8ba626667ea3802cbe54595fd871019265a4c77b35d2a9f9ec4089d9f0f24694364cf46406a9a3365989fa608e70111bf7a9a9fd2beb33bb6ee240f9ebfbeeaec83b1c249038f6713ecf0d50b864554e070c59146c6d7e7a73f76955b57f75aed46b18e0f5f7777309bc115dc27025d08ec9cfaec0a859536d2ec9b79c9af5527cebe97749dd44759170fe4832c9fd45e1203478a9ac42cfefab6c41977f4b4abc491533ed3dc0d1bfa571d6c79dddf86308c0d5d7ede4191887c433265181c2896a56ea2c362d6b4ab184792861e4d0350a645b7552747fb2598a3d228d80c17e18ebbff45ae069603a9818f46a77b94f45e6221e2c56a166370eac2d8f7768a51776eb99e9831c17bcb3ef6ad20835b574e2721a4d3349687b1a84b157a77ce1312693221d7dbe6409a97174a410bf494a1b021946359a939158d58edbcebf71feba4dd72b6a061161307425ee7e55eb9f5fc6fb1906e63b2736b705413ae941be0901b9efd1fd469e83f51ecdd49fb79e6eb6f60b891445dc3b27e2915036a7f650f6533b0c89c0bb81dbe54c5c25ac9a9fb6ba93d3e683d9dd01ff4ac6005169226b614345e8527b8446190da1e5c146ec0fb7f59c97396fdbdc85625175ebac6728bcf9cf39a46a20ff26f49bbad5895dc96c7d06778844c331cceef5d9a95cb538d3419ca87e3a7f251b623a28b8b71aea81a12d0b51db1b6fa2d5deb1498216e44661ca2c5dced6fd5e16dd25015a4c19d4eff182172c48295b199f76c498bdfbf47548f1822570e2b002776487b14766f1eaed41ff7419fc8bda54f56f43b2ed7163521b8dd4b9ce01df9918f814b4b75024861a7a6b3015993258f9fc1205de7a8b35c54a94770f2806d3909e09394ee453d9ce4dc06874f765520aecbbf265609931e29e303cb9a803ad47d041f38ce186f67b6c01b56dc7c3eb1460b8bf3fefa11502b5813a95765488cd0cba8d9ed8efcdc9efcbc149c59ebc8650da27d2073f78a6535acdae4cab42d03fab5b27d1065d2c586e21bd9a1c570896cef0a796a0f2a7e8768d05fbca34e6f9ddd55ed526017c43da8c169466bcf671cdeaf8284272ecb0c3b1e30d80de31ca1a57fed22a7ad2b42201fd4eefd9569f5834684ff24b3c33aba5709b5ff9c48128f4235e78e4fb4b1c52a37030d3e57d63613bc1d2444d8c979d1e570383944b4565d109c814b8428c80e75d79484e206ef04ea0d3309dc72e5a9af7a1681e6ede94102badd4ae3065293866df73c4c1c4ac6b6c62124dc7e731ed190814ab54f7ce0bbb9623d573f715cb8576b31f368a9fdab84b9d17ecac85eb5c3629d6b3b07fba48e6975039ec483fe6a14dda8b15cc377eaadd045873b0d0079a3e6424bf911ded9043ce728e82b03face1ead690a1ae62ed901de7ea4a0709f641f3933675bb3b7a877671c5888c40c1ca86501c4936922b1e63e7d820a514465c7e3d6ddda2fdc4e9bc5c9ca047455ef6b9ee214304e891641f3ce51128f1ea9abeeffd2190e55679c38106ed625f8129a3213651d764eb116335ba317e05aa698c9c985df2dcfeeda628a7f73ff435b4dd265239ac32c3f462872979df0e2aae49987c78c53e926557ca1f47b5b487182cb72cda8885649f56c3b157d94ade440b76193b9e4649a411b1e1e3cdb77e0d83ef17e53f7f0da1b1aa3dc517ab2e9fbb33fb41e00f3e6607731cb22f1db53015e8c98eea458eabe1f4b0fb7036ca41dbd3c454b09b58692ad4c0e8b84559951b20172501a71f72e20ebf483ac3dce4c23cda1d833569590c2fad5811daf51aa2bc5276555c507d3d07ac6afee0d98ed740ddbb12266fe50e2fb911e633d0ccad58554fe4d2666b3d071a3afcf2883f36653959141b35cdbc8d5ea2bb4548f3318de094c841d7fe524a0e0cd93c84682380f685370d7667654db1c0c5e4b290db5a878076355fdbae79ea8af4b0d2778ef77e410bd6ada6a8848916c8bed7813d91dce4c8c789cea9036f8fd315be5b9945ab4029017a5fea732654c80a2ec3c17ee744fd709a8730a95f004ac14b0248d944e8eef783c5f43e3b151290e36cb01a3449e2c34fdc2d25ddb7a9c085d39ef48cd9ba981a3cec471df9625fba8f1390702fb112bd96310216ae01c059f4fa12ee22e097dae4e6d9147acdb176fc2b5cdcb4c5cec27145a8a588a447f4cbce633c1cbf4bf3b0b7295fec41a02ea419ed1d1529ccf3743d71e09929707244e15cf9632d752634edbb89da6a99d47305c706e7cbf1ab53b596c765aca1874c8677f39bd032d95e7027c29a5dab071ab83fca3d27521bda4f4d6e56e51c3130ce39382a8e4b1f0c283b1a21d053b79c55a03a8339ad3accd38da5b218b35996612ac37dca1f315d4fafe0d1ef644f517ccfa772b50422dd8594a4a46a6273ab5059dcda21fc6e40bfd8a09ef470862828ab12f11bb2ebf65d1db81a234d3f3cf53c830988752897a63c6d937c30e8a28acbcf056f1f3761009d9ef7343093c5f52cdc1e75fac6cf5812e5d4658fcdede401f82d91ee498c9f24ae3c15fc412220269ebcb40424d9f4526ad4a669780ab497e216524df7d5b56814d0231be1fa77de41cda072262e48fe6a98de73159d650881fb1a3ce818339d03c49e377e96afefe48a2d255aa77352fed93091bc39f8e8ee58f820b016661c82c18b3739de6b85eaec5387372a0a085f449ab5d8de9923791d0cf4a65c13426607146882edf19ef95eae7f7af74a3220510761a68b1451bf8bcfa21d93975dbcba0e73cc62d27354de702b7b982b47657a892d034f05d7ea431f81c80cba9a63a55fc6e8052fa6fc1ec7c959948ad63480c8face6cded2115bd10233d19b05cc40a92a8c81f8260bf816d96f11d426f256f162f45534dc71c98f1081f778a72330a5b08216c728eae71525b43dcaca49b0cd0969014c6460818ff3e051ffc21a14a52c3d170f31619cbe6c7ad42cc351772fddab059af80e02d06e0867205fac7c5938780fa0532b6292f521dee15817c1761523a9e38c94ba48ff96905028db9321256d8a9d24f5ad94ebe1674fb608d461a9db43cb78ab14a956fb749bea9188c50cfaca3b9296968223298417ad2cd090f8db98b4f886b55049d3209e11a7dd029eae2d0317ed9fbe98f08dbb69f81a65059e8492aca07c309c05bad5899e5a86ca5dd1883e02689e3e8df037c4bc33f907534db55a3a35cc02963d1220984d3422913f97924feb7b025f83717be7abb4e87c0951afa8c10c39b6f4b688db5cc9750e54bf01b693b5fd5131c0293617a12be8bac1da1a069a011c015b82d46cfdfc465e3ddf7de8f6b89b969e6d5586458ddeb7d2de46d0bbe5dd7b71bbba95b7c39390226706840da72d608a163411fc27265c01a870cd50ec81c0f38f843dcdb74753c0823948ce7dc98af2bafd820ca93012128f4b47eb9cc196df64962be053a453221d464b96cf75446306836ffbda9a6fd2cd9db0d37a3c800000000000000180100000800000089972a3daaaf146738cfad86ebec8a715e160d5c06ebf56aa3e3b73419ee3fa1a8d88f40367b60fc334de39106fa8f6f4f15b0f5d348aa142addbd09c8be544dcaea8d8a536f9e07f4281afaedaada581571e0f8d88a5f6d13e35e61f814b5e7ca68e28fc77c1e24c1c036479ccb4143c9954c6258dfa1bdc23ce85de99310861bdf8e1dfe395a6e78003ad67cc6915305f2b4eeb3a8a369c5abe0ea0d20fd6edeec65dba2af7b1a26412bbf8bc18d87ca43095a48f9ea0060000000000000000701000001000000c8f95e3151a4c8b4d40413726c883b83103c94cbecfc95d1ccf92ae39c03f53842c09a46660ee6a30dbb5f98b694f5b301026b9af36a5941f72eca873ea4ab2fe2020a5f5492cb538ece7d02bc973000d80000000000000006000000df400000965cc0b8ef5c1a1d60f1ca312ad1d1ce2af72b5a2225b0eec51fa54bd93360b39d4898b97ed3286c8a24e6f7e7cc978149a4d5363f922885797f2171f843e4d07a0bd7ee6dca87e065160c948aafbae05edfb1d12beb50232976bea769a2ed79e4c523f01e2f4b38e31e09867c79d31d6e662abe3b4f46620b7d78fdd37cff90bf0a7703a96514ace0bb283f662e72cdb517696bfc287711fae3a8db0ec210710d7ea2347f68305c16ecf4db4f805cb490fb7af0329970f2675df6faa4e4d7d850653261000000002411c7c4fc81ff6ada345b218e82fdf17c9977cd732c77fdd216e26fc75d2bcb5945a02644fbc21d4c5c8e6f3eb31c42e4bbb91c8deb02dd027bf157a9f80b9ebe3461bad7ba6ed1bb5ca448486a7be9300cb005632f3630"], 0x13a8}, 0xf376f9a8029ab7b6) sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x8c, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3c}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x10}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}], @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x8c}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) 7.413188487s ago: executing program 0 (id=1753): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) socket$can_raw(0x1d, 0x3, 0x1) socket$unix(0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000020303000000000000000000000000000800050f86d87fd9b66a010001000080"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT(r3, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f00000014c0)={0x20, 0x1, 0x3, 0x101, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffc}}]}, 0x20}}, 0x0) r4 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000700)=@newlink={0x44, 0x10, 0x401, 0x4, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_ALL_SLAVES_ACTIVE={0x5}, @IFLA_BOND_ARP_INTERVAL={0x8, 0x7, 0x3}]}}}]}, 0x44}}, 0x0) bind$can_raw(0xffffffffffffffff, 0x0, 0x0) r6 = syz_open_dev$video(&(0x7f0000000000), 0x100000001, 0x0) ioctl$VIDIOC_SUBDEV_G_FMT(r6, 0xc0585604, &(0x7f0000000040)={0x0, 0x0, {0x7f, 0x3, 0x1012, 0x9, 0x6, 0x2, 0x1, 0x4}}) ioctl$VIDIOC_G_SLICED_VBI_CAP(r6, 0xc0745645, &(0x7f00000000c0)={0x1, [0xffff, 0x5, 0x0, 0x7, 0x7fff, 0x400, 0x2, 0x0, 0x8, 0x1000, 0x1, 0x32b, 0x4, 0x3, 0x8, 0x44a, 0x8, 0xf9e, 0x77c5, 0x1, 0x9, 0x86, 0x3, 0x9, 0xffff, 0x9, 0x2, 0x1, 0x1, 0x55c, 0x200, 0x8, 0x4, 0x7, 0x8, 0x5, 0x0, 0x9, 0xfff9, 0x4, 0x1, 0x9, 0x7, 0x9, 0x5, 0x1, 0x76d, 0x4], 0x8}) ioctl$VIDIOC_ENUM_FMT(r6, 0xc0405602, &(0x7f0000000140)={0x8000, 0x1, 0x0, "1774d2a45f2b661f8efe34fff774d44b0ba98c7b153a056b0501278b440b3567", 0x34324d59}) ioctl$VIDIOC_QUERYBUF_DMABUF(r6, 0xc0585609, &(0x7f00000001c0)={0x831, 0xb, 0x4, 0x2, 0x9, {0x0, 0xea60}, {0x5, 0x1, 0x8, 0x81, 0x7f, 0x0, 'z.`z'}, 0x9, 0x4, {0xffffffffffffffff}, 0x675c}) ioctl$VIDIOC_S_CROP(r6, 0x4014563c, &(0x7f0000000240)={0x8, {0x4, 0x2, 0x1, 0x6}}) r8 = memfd_secret(0x80000) epoll_ctl$EPOLL_CTL_MOD(r8, 0x3, r7, &(0x7f0000000280)) ioctl$VIDIOC_SUBDEV_G_SELECTION(r8, 0xc040563d, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x6, {0x159, 0xfffffffa}}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) io_uring_register$IORING_REGISTER_FILES_UPDATE(r8, 0x6, &(0x7f0000000380)={0x8, 0x0, &(0x7f0000000340)=[r9, r7]}, 0x2) 7.255206118s ago: executing program 4 (id=1754): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00') getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}}) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x230, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x2}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x230}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket(0x840000000002, 0x3, 0x104) connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10) sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0) 6.937162655s ago: executing program 0 (id=1756): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r3, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000040)="0f017715b9800000c00f3235000100000f300f01cb0f01c9b8010000000f01c10f090fc7ab008000000f20e035400000000f22e00f01cf0f01c3", 0x3a}], 0x1, 0x0, 0x0, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000001280)=""/127, 0x7f}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x5) ioctl$sock_inet_SIOCGARP(0xffffffffffffffff, 0x8954, &(0x7f00000001c0)={{0x2, 0x0, @broadcast}, {0x0, @local}, 0x0, {0x2, 0xfffc, @broadcast}, 'ip6gretap0\x00'}) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000080)=0x677c, 0x4) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$sock_int(r5, 0x1, 0x1d, &(0x7f0000000000)=0x7c, 0x4) recvmmsg(r5, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0x6, 0x0, 0x40}, 'syz0\x00', 0x26}) ioctl$UI_DEV_CREATE(r0, 0x5501) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) preadv(r6, &(0x7f0000002480)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1, 0x0, 0x0) landlock_create_ruleset(&(0x7f00000002c0)={0x0, 0x1}, 0x10, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 6.903726717s ago: executing program 4 (id=1757): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x4, 0x8, 0x8}, 0x48) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000280)='./control\x00', 0x0) wait4(0xffffffffffffffff, 0x0, 0x1000000, &(0x7f0000000300)) close(r1) r2 = inotify_init1(0x0) fcntl$setstatus(r2, 0x4, 0x2c00) r3 = gettid() openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100), 0x10, &(0x7f0000000240)={&(0x7f00000001c0)={0x1, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x2710}, {}, 0x2}, 0x48}}, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@mpls_getroute={0x1c, 0x1a, 0x0, 0x0, 0x0, {0x1c, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x1c}}, 0x0) inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa0000000) rmdir(&(0x7f0000000080)='./control\x00') socketpair(0x1e, 0x801, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000840)=[{{&(0x7f0000000000)=@file={0xe8e6005ca50009c5, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x1}}, {{&(0x7f00000006c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x2a}}], 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) r6 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x11100}, &(0x7f0000000000), &(0x7f0000000040)) io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYBLOB="9f3078c68158a7e7f4a5127edd2999c400af7bb537c2775d2a4d34195a41f3ed87a0debf3c3348526e2e01958a198db10aa0d758744dc24c711ad701353514ad15fe08a44f2ea4d25765990a8051f89ec7a1f206875824ee97a4b63e", @ANYRES8, @ANYRES32=r6, @ANYRES16=r3, @ANYRES32, @ANYRES16=r0], 0x0}, 0x90) syz_usb_connect(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="130100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b24"], 0x0) 6.362477668s ago: executing program 0 (id=1762): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r2 = dup(r0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @random="cabf9c84344f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x8000000, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000100)={0x84, @broadcast, 0x0, 0x0, 'rr\x00', 0x1, 0x0, 0x4}, 0x2c) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000540)) ioctl$FIONCLEX(0xffffffffffffffff, 0x5450) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001540)=ANY=[@ANYBLOB="150000001a0001100000000000000000000000000084e8cff8380010"], 0x1c}}, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000009200)=[@in={0x2, 0x12c, @remote}], 0x10) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="0f2145b8000001000f23c00f21f83501000c000f23f80f005f8e660feeb700000080b93c080000b837b40000ba00000000c134b9c20b0000b812000000ba000000000f30c4e3f148cf00f30fc7b304000000660f2c6d4cb805000000b95b2900000f01c1", 0x64}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r2, 0x40000000) r9 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x3}, 0x10) setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0xfffffffa}, 0x10) 6.069268094s ago: executing program 0 (id=1764): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) write$binfmt_script(r2, 0x0, 0xfffffe5d) getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="3c00000010008506000000ff0100000000000000", @ANYRES32=r3, @ANYBLOB="01ff00e1c2ed00001c0012000c000100626f6e64"], 0x3c}}, 0x0) getsockname$packet(r2, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000004c0)=0x14) r5 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="3c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400128009000100626f6e64000000000400028008000a00", @ANYRES32=r4], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x8847, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x11, 0x1, 0x0, 0x0, {0x10, 0x0, 0x4c, r3}}, 0x24}}, 0x0) 5.113181003s ago: executing program 4 (id=1770): socket$caif_stream(0x25, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000200)=""/4095, 0xfff}], 0x1, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a40)=ANY=[], 0x70}}, 0x0) r3 = memfd_secret(0x0) ftruncate(r3, 0x4) sendmsg$nl_route(r2, &(0x7f0000001280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000001200)=@ipv6_newrule={0x58, 0x20, 0x1, 0x70bd2d, 0x25dfdbfd, {0xa, 0x14, 0x0, 0xd3, 0x5, 0x0, 0x0, 0x1, 0x10004}, [@FIB_RULE_POLICY=@FRA_IIFNAME={0x14, 0x3, 'ip6tnl0\x00'}, @FRA_SRC={0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, @FRA_SRC={0x14, 0x2, @mcast1}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000014}, 0x20040080) r4 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x1}}]}}]}}, 0x0) syz_usb_control_io$printer(r4, 0x0, &(0x7f00000006c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x20, 0x0, 0x1}}) r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$SNDCTL_DSP_SYNC(r5, 0x5002, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x9, 0x13, r3, 0x0) set_mempolicy(0x3, &(0x7f0000000040)=0xfffffffffffffffb, 0x5) mbind(&(0x7f0000ffa000/0x6000)=nil, 0x6000, 0x0, 0x0, 0x0, 0x3) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r6, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000000080)=""/77, 0x4d}], 0x1, 0xa3, 0x0) 4.984570331s ago: executing program 1 (id=1771): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x74, &(0x7f0000000000)={&(0x7f0000001640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01000000000000000000010000000900010073797a300000000040000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000014000380080002400000000046e00140000000002c000000180a0108000b000000000000010000000900020073797a30000000000900010073797a30"], 0xb4}}, 0x0) 4.892954797s ago: executing program 3 (id=1772): r0 = socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) socket$inet_smc(0x2b, 0x1, 0x0) close_range(0xffffffffffffffff, r1, 0x0) sched_setscheduler(0x0, 0x0, 0x0) socket$qrtr(0x2a, 0x2, 0x0) keyctl$restrict_keyring(0x3, 0xfffffffffffffffb, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) writev(r0, &(0x7f0000000340)=[{0x0}, {&(0x7f0000000380)="1135dde43c3ec81910cf79c4244c8befffc15a1308ecd54b9936", 0x1a}, {&(0x7f0000000280)="9c216fd803fd819e6fe2680af2d734780800000000000000b6dddf3419006d054d91e0687f5200"/49, 0x31}], 0x3) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, &(0x7f0000000940)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x1) ioctl$TCSETSW2(r2, 0x5435, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000001a80)=""/102384, 0x18ff0}], 0x1, 0x0, 0xffffffff) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/stat\x00') write$USERIO_CMD_SEND_INTERRUPT(r4, 0x0, 0x0) syz_emit_vhci(0x0, 0x7) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005b40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)="be86bee2eb7cd52386acbb852ef2ebfda2d635ec067e1fc8400449f82e43b51d0168731ec0992b0ffbf3cbee93516f17fa696e61098f947b0b994137c75b1f893b3e28a654dd286f7ff4b835d8fb5e878ea5e35e54a67ae574ffbdfe1a57dc5015027d1855bb0306fd73c454fef0cb925471981085874a5348a65d2afa17dadd73b7e43492722b8d2d5377b66f274f4b08c2a4ad6346ba38ec0744aa7e0528e560a728dae79bfaef2d164b941b7d663d1bee93", 0xb3}], 0xbe7d6019aadec558}}, {{0x0, 0x0, &(0x7f0000004240)=[{&(0x7f0000003140)}], 0x1}}], 0x2, 0xc080) r5 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) sendmmsg$inet6(r5, &(0x7f0000000f40)=[{{0x0, 0xcb000000, 0x0}}], 0x28000, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000180)="41121b64addba10ef57db4c9f4214f66a38a63820b3fd514364dbe8adef4378f95e194aa2477062513c748933231cd95ad5ca3fae18301519dd998ae292e45b8f1c14fdd9f6cecb085fabaa2f2d8b35ea4df8660e53067fff839", 0x5a, 0xfffffffffffffffc) add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 4.819806359s ago: executing program 2 (id=1773): r0 = syz_open_dev$usbfs(&(0x7f00000002c0), 0x3, 0x1ef142) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303a37a07006000000002000020d3"]) socket$inet6_sctp(0xa, 0x5, 0x84) syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x711201) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0x6) socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r2], 0xfe33) socket(0x2, 0x80805, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x118}, 0x10, 0x0) landlock_restrict_self(r3, 0x0) landlock_restrict_self(0xffffffffffffffff, 0x0) landlock_create_ruleset(&(0x7f0000000280)={0x31b9, 0x3}, 0x10, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000180), 0x10, 0x0) landlock_restrict_self(r4, 0x0) landlock_restrict_self(r4, 0x0) r5 = landlock_create_ruleset(0x0, 0x0, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0x0) landlock_restrict_self(r5, 0x0) landlock_create_ruleset(&(0x7f0000000100)={0x40, 0x1}, 0x10, 0x0) pivot_root(&(0x7f00000003c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0\x00') 4.641370892s ago: executing program 1 (id=1774): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r2 = dup(r0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @random="cabf9c84344f", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @private=0x8000000, @local}, {0x0, 0x17c1, 0x8}}}}}, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000100)={0x84, @broadcast, 0x0, 0x0, 'rr\x00', 0x1, 0x0, 0x4}, 0x2c) r7 = socket$inet_sctp(0x2, 0x5, 0x84) r8 = socket(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000540)) ioctl$FIONCLEX(0xffffffffffffffff, 0x5450) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001540)=ANY=[@ANYBLOB="150000001a0001100000000000000000000000000084e8cff8380010"], 0x1c}}, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r7, 0x84, 0x6e, &(0x7f0000009200)=[@in={0x2, 0x12c, @remote}], 0x10) ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b4426ea40a206b9cdbc407406838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe8f53ecc9abb1c638d0daf743cf4f42698c10d497e714371c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2216714062bcf9059e36c3697dd9aee5af04c32980b53ea45e5cf150d3442ba0e58aacdfdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e11491496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad69889b1d9984feb0711745f126fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d935aef9ab8c167819cb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135a8c972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e15c9b67ed40416ba164033135fee831df925e9baabdb846b5bf66855e3f8b79dca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da8a31c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf9"}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000001c0)="0f2145b8000001000f23c00f21f83501000c000f23f80f005f8e660feeb700000080b93c080000b837b40000ba00000000c134b9c20b0000b812000000ba000000000f30c4e3f148cf00f30fc7b304000000660f2c6d4cb805000000b95b2900000f01c1", 0x64}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r2, 0x40000000) r9 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x3}, 0x10) setsockopt$packet_tx_ring(r9, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0xfffffffa}, 0x10) 4.571531096s ago: executing program 2 (id=1775): socket$alg(0x26, 0x5, 0x0) r0 = fsopen(&(0x7f0000000040)='efs\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, 0x0, &(0x7f00000003c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1e, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000640)='syzkaller\x00', 0x4, 0x98, &(0x7f0000000180)=""/152, 0x0, 0x0, '\x00', 0x0, 0x33}, 0x90) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x0, 0x8, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) unshare(0x22040400) r4 = syz_open_dev$evdev(&(0x7f0000000340), 0x48, 0x1) syz_usb_disconnect(r4) syz_usb_connect(0x4, 0x24, &(0x7f0000000100)=ANY=[], 0x0) ioctl$EVIOCRMFF(r4, 0x40085507, &(0x7f00000003c0)) syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x0, 0x0}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x41a}}, {0xf7, &(0x7f0000000a40)=ANY=[@ANYRESHEX=r3]}, {0x0, 0x0}]}) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000780)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001040090780000000060fd906300403a0000000000000000000000ffffac1414aa00000000000000000000ffffac1414aa1e520b4c951ee12e498924c7dc65397852a8bd76be1a00df5f4540f561c798c7f0f4f28b75c39889911933100fb81f82f2e91a7a837723a5046243b5dcfc97e4a53d55ac2cba9275598ff6a4c75332b80ea65dab548259352a0acbc97136c35f9e38ea80523c70452aaef90f6c245a4b5b85b18bbc5669df3961514bb36ffd7564f3208484de4ab809c678fb16b1e2"], 0x0) 4.260540319s ago: executing program 3 (id=1776): open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e120800060000000401a80016000500014003001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e97", 0xd7}], 0x1}, 0x0) 4.14898296s ago: executing program 1 (id=1777): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00') getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}}) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x230, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x2}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x230}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket(0x840000000002, 0x3, 0x104) connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10) sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0) 3.885128081s ago: executing program 1 (id=1778): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x354, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME={0x335, 0x33, @beacon={{{}, {}, @device_b, @device_b}, 0x0, @random, 0x0, @void, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x8c, {0x0, 0x0, 0x0, "9af6da3eccb31dfdb01e6e7177c98c64430a038b1a5dfa035ea7a9381b60d5573f7a471f2255656c6fda4f9fe2a1cefb7e307f95a05deb88da8d6767435855a59a04759977ef1cf00cf302f452d67e80c72e836d0cfcfd95ca366d0e284f1c03058e40a2283bb06b723df5c6eef98646cae544fd4eebdf5effc6f1ba5debee4b327b12000000000000"}}, @void, @void, @val={0x3c, 0x4}, @void, @void, @void, @val={0x76, 0x6}, [{0xdd, 0xb7, "31851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc88880a147e71f89f5936e8d68041d7e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca5568297e0d3e19d80a5d5addb3184fec9543e41f70eb1bcd9a87da2f4b39e15dca2e549f43749edc5d2150d9349f08894e39ac26f6"}, {0xdd, 0xba, "1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3e0ae5cb3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd4841407c6fb63f588fed1344890b04c3914826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335"}, {0xdd, 0x25, "523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366"}, {0xdd, 0x12, "0941a0e096d40b7d3b60bec79aa8aaa3f566"}, {0xdd, 0x3f, "7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc6179e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2e"}, {0xdd, 0xb, "0da71e815422994325dfec"}, {0xdd, 0x64, "30d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cedd077c38a52b4fb790de3ab2c28eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eaba1"}, {0xdd, 0x6, "4f3fef835ea8"}]}}]}, 0x354}}, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}}) r4 = memfd_secret(0x0) syz_io_uring_submit(0x0, 0x0, 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$SCSI_IOCTL_GET_PCI(r6, 0x5393, &(0x7f0000000000)) socket$caif_stream(0x25, 0x1, 0x1000004) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) socket$inet6(0xa, 0x800, 0xfffffffb) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$kcm(r7, &(0x7f0000000480)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @random="22b7a92a69ce", 'wg0\x00'}}, 0x80, &(0x7f00000003c0), 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="d0000000000000002001000007000000da6549b5de4971c1f4fcd2eb9cfa3ab52ed1fe6329fae4aee911455e449dfe20283d77238a75bd5f5fa840a61faf9f587c8bf90909ba75f22fa94c41ee0937f04429acb0271f97dbc683bf53728efd13778054968914b2a91435c00968d0709c41837fda9051f9b722896149001f2e9319a66e02c2ffc085feab48c680fc6a474512921290f0b1380d05a8e4db4403a58ee96e48299753393cb275934d125e7ec01f48193c9f81f436175393032e948e8f47689588a3e0ad57d1c00000000000c80000000000000013010000550000000852263366650c27d7398280597612a9757c20543f7671e0d77a5f462bf9bfbafdd5ffb1beccf5484a9faf66897e69a711ab7ffcc43ec6372a0887ad07291b5b28c83dade4f8761f7bdd264d34a25008b4cec43276b0f67dc917f01ca578064d3587e4b11253c546a0e05b4635a36ad5d0266f588c29080c9dec8ccdb7c03f91837433fcee2458e3496b701f82a15674ab801397bafff2ee80fca2390089421e11323f4da1aba46b85f0efff4ecf2819f9af1fec00000000101000000000000011010000010400001f1da4def05bbd84c17294e9efb4c86533a7c8c46bad0b5621596d2c1bb6badb05294ee938f6e451df0837a61d8c19c62e5edfc65f91e7d6cdfa39f7c7315bb1c18154b954c81735ef30a5b8ef9148f750655045725807e399f52d8924d98334611ea68a234a65b8e673bf5165cc8e0e406695cb069ce6c6e0439b7e87d2e7278707b4b9022dc0098e7a7aab2ad2b3a2dcca3a11d558f23adb4cb3597f06ea063b99775d2dac52793ad2ba095bb7bc48fe4d371541f3abc8b062c627664efce675a64050a901538567b28b00426699f678a08d4052b1df334892204f68f3634b717d6bb092f4b420c07e5fcc33e5372c2f569083eaa0cbcca8fc147a750b2f88c239553f9c2aeb033702ce04790648bdc66c5e93e8284c01ae6d23bc09878f8ee9f3fb3a5368c182d676f0f641ce60cf10c533b6b9a99325d55ee2c7f717433b508fa7dfe58d25017d3bfdfbf687b65a5c0947d4b5bf0f5c48814236a8a1ca56fdf94a2c8a76fe95cc073d56207712c0e6d6b1f49d81c826d82e8dfcf0e6c0c42593fa98fa9a2a760d48d824214abdccd2403f9668803ff848d1ed0574eced50a725fde50887bbf502fea076e27fca745ecd0cd091b060835ceeb6d49f8c29f49918e6031b72b91efefef6e1363cf66760c950a5cff50d92f4a2048e70387d8eef60932a5ec1c1bfb64e7138c8d05b106fe055f1b9fb171a35b0e26088727d37b19b054439326db41407a3d6b0e66cad04434a1ddfe0ffae3192e269a43688f0c4cf85c5b897cc32fa694cb7410b956c1f8ca55d60fc3b0ffc8ab5394557417f79aff18084ec71024f12d4625e141816c45e319720303cea707c32726b3a2ec578fa8e5285a4d67701e838307343d0cfdc6b32eb7106fefec5beb5d996cd20ef3934590ddb5317e934c0eaea82d2a82e0fd5ab880aadef230559592ae270f871463f9f557c1a41c04d0225b61caadb1df55f148e2e00d821464871f97ec518c0a1e8f1e553c6117e2ae611003958739db3eb7eb2912ab220b3c90593c8fc1c3903de51228df77d1547ada4324f79c6f8099a8a65dd009d8cf9c724c92b02aca8c3c85f5cdbc036b19193de8fb302ac4ff2bbf6bc018231bbec294996827996ce742ca9981ac656a5ef813be4bc299e3b7bc512eb5eae106cc03abbfe977454288d6ef598c1ab6db87aad1daaee6618bfde45e3d6b8b01bc893d3fd742d2bbd142a3fd33cc6a8f27540af185c5d6f7130937d73949b426b43d694d1617d75f23ef29874b97a00f0f1f900121e9b18a496e03075276dab63dd1deb7a937ea8a70710d7ccc2cb46fe7fcae43ee74fe3ee346e4236270cd7764a0822b7e4c579f35d602c08b65985fdd16b72d3e7f7139120fef80869f714ace8301e8492c95f30a12bb0dc6473564f451a4bc4a0be3e0a641227ffb9a2ccf0c5e635b2191e3cc96e1d068093ed99f6a08b9a3e0649f6760b75d098f10c3c43929f47687d1cdcf64668d8be122ebaa02fb9e20b7fd279e1f698c4d1798d28584a48f410ab1c3ab78d9b0eef70ad206ec6bb327383cff285c409e35faf94d9c6a3695d0da61c6c9dc95ae48a1d09256430d036aaae5a9ad8c157745cb31dc55724072318bd93e65f360018432c2c677565ad224c126d13e211ca98f6d4b6b50fec7caf3a5776dd971d46d1b0f913dfaeb3eff14dd8a896be6c65416eecf308316efcfc57aa217da9662efd94bbcce34e783340532b289649cfc8921779bd5783c390214c69b41703cb555706e4bc0ffee1a81b090665718d4076d638e6126279559e7476a611b6af51a4b17d7cd3e48d3dc70cebcfc4f95abfce3294af93c5ba3ce8fc94bccb62b618f367b5ecb71dba6d79b147a1d58f7aaa31e68b503ce0db54f9be75d37ceeb2e4d4e9e65f700a3ea0f8ed265f24e332c0282674cd714aad678ddffc9f867b9a488d693f3b70cb8a573647ecc1a8c9bc908551a08b9f3ae0505919cc2c27f1684ced010c7779736b47a64207d5e63122dbfc1304a2db3cd435a06921e386c13b7080c031b880236e8a99995928bd8e9c766329a768aa2fa74186ed667b0365aae9ab397e3495e67d711d1559b51993ae3ce3a2912ffe3727250d04a2d0a11ad43c683d4c927aad487cc4a240e78259aee3fbca7e739020ec1bcd22ae87ae0c789e174399042c10e2443add5bc589ffea1e94dbd98a534a2f95607ff0b149b757baebd6e8ee34919726afbbe38bcf5d83b511fcd1ac016405eb8cfd4410010530a55b0e4bffa78c26f5a0bd5f34128752c40cd4a3892c60d024d5ab06449cee5250c6a8ba626667ea3802cbe54595fd871019265a4c77b35d2a9f9ec4089d9f0f24694364cf46406a9a3365989fa608e70111bf7a9a9fd2beb33bb6ee240f9ebfbeeaec83b1c249038f6713ecf0d50b864554e070c59146c6d7e7a73f76955b57f75aed46b18e0f5f7777309bc115dc27025d08ec9cfaec0a859536d2ec9b79c9af5527cebe97749dd44759170fe4832c9fd45e1203478a9ac42cfefab6c41977f4b4abc491533ed3dc0d1bfa571d6c79dddf86308c0d5d7ede4191887c433265181c2896a56ea2c362d6b4ab184792861e4d0350a645b7552747fb2598a3d228d80c17e18ebbff45ae069603a9818f46a77b94f45e6221e2c56a166370eac2d8f7768a51776eb99e9831c17bcb3ef6ad20835b574e2721a4d3349687b1a84b157a77ce1312693221d7dbe6409a97174a410bf494a1b021946359a939158d58edbcebf71feba4dd72b6a061161307425ee7e55eb9f5fc6fb1906e63b2736b705413ae941be0901b9efd1fd469e83f51ecdd49fb79e6eb6f60b891445dc3b27e2915036a7f650f6533b0c89c0bb81dbe54c5c25ac9a9fb6ba93d3e683d9dd01ff4ac6005169226b614345e8527b8446190da1e5c146ec0fb7f59c97396fdbdc85625175ebac6728bcf9cf39a46a20ff26f49bbad5895dc96c7d06778844c331cceef5d9a95cb538d3419ca87e3a7f251b623a28b8b71aea81a12d0b51db1b6fa2d5deb1498216e44661ca2c5dced6fd5e16dd25015a4c19d4eff182172c48295b199f76c498bdfbf47548f1822570e2b002776487b14766f1eaed41ff7419fc8bda54f56f43b2ed7163521b8dd4b9ce01df9918f814b4b75024861a7a6b3015993258f9fc1205de7a8b35c54a94770f2806d3909e09394ee453d9ce4dc06874f765520aecbbf265609931e29e303cb9a803ad47d041f38ce186f67b6c01b56dc7c3eb1460b8bf3fefa11502b5813a95765488cd0cba8d9ed8efcdc9efcbc149c59ebc8650da27d2073f78a6535acdae4cab42d03fab5b27d1065d2c586e21bd9a1c570896cef0a796a0f2a7e8768d05fbca34e6f9ddd55ed526017c43da8c169466bcf671cdeaf8284272ecb0c3b1e30d80de31ca1a57fed22a7ad2b42201fd4eefd9569f5834684ff24b3c33aba5709b5ff9c48128f4235e78e4fb4b1c52a37030d3e57d63613bc1d2444d8c979d1e570383944b4565d109c814b8428c80e75d79484e206ef04ea0d3309dc72e5a9af7a1681e6ede94102badd4ae3065293866df73c4c1c4ac6b6c62124dc7e731ed190814ab54f7ce0bbb9623d573f715cb8576b31f368a9fdab84b9d17ecac85eb5c3629d6b3b07fba48e6975039ec483fe6a14dda8b15cc377eaadd045873b0d0079a3e6424bf911ded9043ce728e82b03face1ead690a1ae62ed901de7ea4a0709f641f3933675bb3b7a877671c5888c40c1ca86501c4936922b1e63e7d820a514465c7e3d6ddda2fdc4e9bc5c9ca047455ef6b9ee214304e891641f3ce51128f1ea9abeeffd2190e55679c38106ed625f8129a3213651d764eb116335ba317e05aa698c9c985df2dcfeeda628a7f73ff435b4dd265239ac32c3f462872979df0e2aae49987c78c53e926557ca1f47b5b487182cb72cda8885649f56c3b157d94ade440b76193b9e4649a411b1e1e3cdb77e0d83ef17e53f7f0da1b1aa3dc517ab2e9fbb33fb41e00f3e6607731cb22f1db53015e8c98eea458eabe1f4b0fb7036ca41dbd3c454b09b58692ad4c0e8b84559951b20172501a71f72e20ebf483ac3dce4c23cda1d833569590c2fad5811daf51aa2bc5276555c507d3d07ac6afee0d98ed740ddbb12266fe50e2fb911e633d0ccad58554fe4d2666b3d071a3afcf2883f36653959141b35cdbc8d5ea2bb4548f3318de094c841d7fe524a0e0cd93c84682380f685370d7667654db1c0c5e4b290db5a878076355fdbae79ea8af4b0d2778ef77e410bd6ada6a8848916c8bed7813d91dce4c8c789cea9036f8fd315be5b9945ab4029017a5fea732654c80a2ec3c17ee744fd709a8730a95f004ac14b0248d944e8eef783c5f43e3b151290e36cb01a3449e2c34fdc2d25ddb7a9c085d39ef48cd9ba981a3cec471df9625fba8f1390702fb112bd96310216ae01c059f4fa12ee22e097dae4e6d9147acdb176fc2b5cdcb4c5cec27145a8a588a447f4cbce633c1cbf4bf3b0b7295fec41a02ea419ed1d1529ccf3743d71e09929707244e15cf9632d752634edbb89da6a99d47305c706e7cbf1ab53b596c765aca1874c8677f39bd032d95e7027c29a5dab071ab83fca3d27521bda4f4d6e56e51c3130ce39382a8e4b1f0c283b1a21d053b79c55a03a8339ad3accd38da5b218b35996612ac37dca1f315d4fafe0d1ef644f517ccfa772b50422dd8594a4a46a6273ab5059dcda21fc6e40bfd8a09ef470862828ab12f11bb2ebf65d1db81a234d3f3cf53c830988752897a63c6d937c30e8a28acbcf056f1f3761009d9ef7343093c5f52cdc1e75fac6cf5812e5d4658fcdede401f82d91ee498c9f24ae3c15fc412220269ebcb40424d9f4526ad4a669780ab497e216524df7d5b56814d0231be1fa77de41cda072262e48fe6a98de73159d650881fb1a3ce818339d03c49e377e96afefe48a2d255aa77352fed93091bc39f8e8ee58f820b016661c82c18b3739de6b85eaec5387372a0a085f449ab5d8de9923791d0cf4a65c13426607146882edf19ef95eae7f7af74a3220510761a68b1451bf8bcfa21d93975dbcba0e73cc62d27354de702b7b982b47657a892d034f05d7ea431f81c80cba9a63a55fc6e8052fa6fc1ec7c959948ad63480c8face6cded2115bd10233d19b05cc40a92a8c81f8260bf816d96f11d426f256f162f45534dc71c98f1081f778a72330a5b08216c728eae71525b43dcaca49b0cd0969014c6460818ff3e051ffc21a14a52c3d170f31619cbe6c7ad42cc351772fddab059af80e02d06e0867205fac7c5938780fa0532b6292f521dee15817c1761523a9e38c94ba48ff96905028db9321256d8a9d24f5ad94ebe1674fb608d461a9db43cb78ab14a956fb749bea9188c50cfaca3b9296968223298417ad2cd090f8db98b4f886b55049d3209e11a7dd029eae2d0317ed9fbe98f08dbb69f81a65059e8492aca07c309c05bad5899e5a86ca5dd1883e02689e3e8df037c4bc33f907534db55a3a35cc02963d1220984d3422913f97924feb7b025f83717be7abb4e87c0951afa8c10c39b6f4b688db5cc9750e54bf01b693b5fd5131c0293617a12be8bac1da1a069a011c015b82d46cfdfc465e3ddf7de8f6b89b969e6d5586458ddeb7d2de46d0bbe5dd7b71bbba95b7c39390226706840da72d608a163411fc27265c01a870cd50ec81c0f38f843dcdb74753c0823948ce7dc98af2bafd820ca93012128f4b47eb9cc196df64962be053a453221d464b96cf75446306836ffbda9a6fd2cd9db0d37a3c800000000000000180100000800000089972a3daaaf146738cfad86ebec8a715e160d5c06ebf56aa3e3b73419ee3fa1a8d88f40367b60fc334de39106fa8f6f4f15b0f5d348aa142addbd09c8be544dcaea8d8a536f9e07f4281afaedaada581571e0f8d88a5f6d13e35e61f814b5e7ca68e28fc77c1e24c1c036479ccb4143c9954c6258dfa1bdc23ce85de99310861bdf8e1dfe395a6e78003ad67cc6915305f2b4eeb3a8a369c5abe0ea0d20fd6edeec65dba2af7b1a26412bbf8bc18d87ca43095a48f9ea0060000000000000000701000001000000c8f95e3151a4c8b4d40413726c883b83103c94cbecfc95d1ccf92ae39c03f53842c09a46660ee6a30dbb5f98b694f5b301026b9af36a5941f72eca873ea4ab2fe2020a5f5492cb538ece7d02bc973000d80000000000000006000000df400000965cc0b8ef5c1a1d60f1ca312ad1d1ce2af72b5a2225b0eec51fa54bd93360b39d4898b97ed3286c8a24e6f7e7cc978149a4d5363f922885797f2171f843e4d07a0bd7ee6dca87e065160c948aafbae05edfb1d12beb50232976bea769a2ed79e4c523f01e2f4b38e31e09867c79d31d6e662abe3b4f46620b7d78fdd37cff90bf0a7703a96514ace0bb283f662e72cdb517696bfc287711fae3a8db0ec210710d7ea2347f68305c16ecf4db4f805cb490fb7af0329970f2675df6faa4e4d7d850653261000000002411c7c4fc81ff6ada345b218e82fdf17c9977cd732c77fdd216e26fc75d2bcb5945a02644fbc21d4c5c8e6f3eb31c42e4bbb91c8deb02dd027bf157a9f80b9ebe3461bad7ba6ed1bb5ca448486a7be9300cb005632f3630"], 0x13a8}, 0xf376f9a8029ab7b6) sendmsg$NL80211_CMD_START_AP(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x8c, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3c}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x10}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x6}], @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x8c}}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) 3.71056957s ago: executing program 2 (id=1779): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1d, 0x4, 0x8, 0x8}, 0x48) rseq(&(0x7f0000000200), 0x20, 0x0, 0x0) r1 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8) mkdir(&(0x7f0000000280)='./control\x00', 0x0) wait4(0xffffffffffffffff, 0x0, 0x1000000, &(0x7f0000000300)) close(r1) r2 = inotify_init1(0x0) fcntl$setstatus(r2, 0x4, 0x2c00) r3 = gettid() openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, 0x0) sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100), 0x10, &(0x7f0000000240)={&(0x7f00000001c0)={0x1, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x2710}, {}, 0x2}, 0x48}}, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x8604}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@mpls_getroute={0x1c, 0x1a, 0x0, 0x0, 0x0, {0x1c, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}}, 0x1c}}, 0x0) inotify_add_watch(r2, &(0x7f0000000040)='./control\x00', 0xa0000000) rmdir(&(0x7f0000000080)='./control\x00') socketpair(0x1e, 0x801, 0x0, &(0x7f0000000280)={0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f0000000840)=[{{&(0x7f0000000000)=@file={0xe8e6005ca50009c5, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x1}}, {{&(0x7f00000006c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x2a}}], 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) r6 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x0, 0x11100}, &(0x7f0000000000), &(0x7f0000000040)) io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYBLOB="9f3078c68158a7e7f4a5127edd2999c400af7bb537c2775d2a4d34195a41f3ed87a0debf3c3348526e2e01958a198db10aa0d758744dc24c711ad701353514ad15fe08a44f2ea4d25765990a8051f89ec7a1f206875824ee97a4b63e", @ANYRES8, @ANYRES32=r6, @ANYRES16=r3, @ANYRES32, @ANYRES16=r0], 0x0}, 0x90) syz_usb_connect(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="130100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b24"], 0x0) 3.252326123s ago: executing program 3 (id=1780): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) bind$tipc(r0, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x3, 0x4}}, 0x10) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}}}, 0x10) bind$tipc(r1, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) bind$tipc(r0, 0x0, 0x0) 2.913260759s ago: executing program 3 (id=1781): socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$qrtr(0x2a, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{}, {}, {0x0, 0x2}]}) r1 = socket$key(0xf, 0x3, 0x2) fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000000c0)='nsdelegate', &(0x7f0000000140)='&)\x00', 0x0) pselect6(0x40, &(0x7f00000001c0)={0x94, 0x0, 0x400000000000000, 0x7}, 0x0, &(0x7f0000000080)={0x3ff, 0x3, 0xfffffffffffffffe}, &(0x7f0000000280), 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0) sendmmsg(r1, &(0x7f0000000180), 0x3ef, 0x0) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x38, 0x3, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_REQUEST={0x8}, @CTA_TIMEOUT_DCCP_CLOSING={0x9}]}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x38}}, 0x0) setsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000), 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xe30209c9b53cb2d2, 0x10, 0xffffffffffffffff, 0x0) openat$vcsu(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) close(0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)) 2.415588393s ago: executing program 1 (id=1782): socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB="20000000a234dece55b8f05e66db7c145183f0507fe985244380a2d0331567e39ab5af4be3246be00dbec30c08000000f67fa4e7edcfe046133d64d9c4f2a11d5c904954103fa6f58180b0d94b7005ee681d7dff234b0a6a03c4ce21dda745f5c2cb12813fa73ada4391ac5b11287d48b38972f4f3b1ea646f4c793fa6ae1af2fb6a527410adb3455175c8d452fcb59609dc2ad5c94bd3ebba73ebaeee4b9bf4dc8c76caacc6396ac00f04", @ANYRES16=r1, @ANYRES32, @ANYBLOB="da2112f059fc6884d6378069910918b568f35973c5e9b8dca5253bb108c18742b708437e3fa30b88e6cecec055c19da9342f69ad185ed8aa060ef69d655d45a27631092b27572573b97f993beec492da6dc501ad8dc8bbac185ee0ee476859af1141532a44a041bd6ac8c84dffbfe401a4211261757870636a054551a14c46569232c2b1c365cf9bc2fe807033b8f1db1ac977e2898ccc28a2cd5cd4610f8c664d461dd496f35f2c03b180a7d33ceb9f8fd98981"], 0x20}}, 0x20040000) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r2 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x4cf, 0x40, 0x0, 0x2}) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000600), 0x12) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r6, &(0x7f0000002a40)={0x2020}, 0x2020) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6f0765ac61f8a91acf0195abc177e56cc91a9c11ccf95d2a58de5494e66cfa1e758438ee4bb163ee05927e551e4d05b308a0eb01cea0e43", 0x480}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e21, @private=0xa010102}, {0x2, 0x4e23, @private=0xa010100}, 0x81, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)='macvtap0\x00', 0x2, 0x4, 0x7}) setsockopt$IPT_SO_SET_REPLACE(r7, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x41, 0x3, 0x248, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0, 0x1f0, 0x1f0, 0x1b0, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @broadcast, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xb8, 0xe0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@ttl={{0x28}}, @common=@socket0={{0x20}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@dev, @multicast2, 0x0, 0x0, 'xfrm0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8) close_range(r2, 0xffffffffffffffff, 0x0) 1.991939069s ago: executing program 1 (id=1783): accept(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, &(0x7f0000000140)=0x80) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000180)="cba835929bf0023624ea69be5b2154ab", 0x10) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000000c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x5422) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000000c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) unshare(0x6a040000) r3 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x11501}, &(0x7f0000000100), &(0x7f0000000280)) io_uring_enter(r3, 0x0, 0x0, 0xf, 0x0, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xfffffffffffffed2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03002a000b03d25a806c8c6f94f90624fc601000127a0a000600093582c137153e37080c188001ac0f000300", 0x33fe0}], 0x1}, 0x0) 1.920741025s ago: executing program 2 (id=1784): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) socket(0x1f, 0x1, 0x4000) timer_create(0x3, 0x0, &(0x7f0000001400)) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000001300)={{0x0, 0x989680}}, 0x0) r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000080)={0x2, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xe7ffffff, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68b9c381"}, 0x0, 0x1, {0x0}}) socket(0x10, 0x3, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, 0x0, 0x0) r3 = dup(0xffffffffffffffff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000500)=0x20000000005) preadv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) syz_io_uring_setup(0x331, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x2, 0x0, 0x0, r3}, &(0x7f0000000040)=0x0, &(0x7f0000000280)) syz_emit_ethernet(0xa2, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = socket$packet(0x11, 0x3, 0x300) getpeername$packet(r5, 0x0, 0x0) add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1}, 0x0, 0x0}, 0x20) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue1\x00'}) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) mount$fuse(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r7, &(0x7f000000c3c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r7, &(0x7f00000000c0)={0x50, 0xfffffffffffffffe, r8, {0x7, 0x1f, 0x0, 0x1}}, 0x50) 1.830611216s ago: executing program 3 (id=1785): openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, 0x0) creat(0x0, 0x14c) ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc028aa05, 0x0) fanotify_mark(0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0xf}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3, 0x2, 0x4adeedf5, 0x3, 0x4, 0x3, 0x1ff, 0x9}}}}]}, 0x58}}, 0x8000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001840)=@newtfilter={0x3c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0x8, 0x2, [@TCA_MATCHALL_ACT={0x4}]}}]}, 0x3c}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.68837396s ago: executing program 4 (id=1786): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000003c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x51, 0x4, 0x0, 0x0, 0x144, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x5, 0x4]}, @timestamp_prespec={0x44, 0x44, 0xc0, 0x3, 0x1, [{@private=0xa010100}, {@multicast1}, {@remote}, {@broadcast, 0x659}, {@broadcast, 0x7}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x8, [{@dev}, {@multicast1}, {@multicast2, 0x7f}, {@private=0xa010101}, {@multicast1}, {@multicast2}]}, @noop, @noop, @timestamp_addr={0x44, 0x3c, 0x3c, 0x1, 0x8, [{@loopback}, {@broadcast, 0xfffff7a9}, {@dev={0xac, 0x14, 0x14, 0xd}, 0x6}, {@multicast1, 0x200}, {@loopback, 0x5}, {@local, 0x10}, {@local, 0x8001}]}, @lsrr={0x83, 0x13, 0xd9, [@private=0xa010102, @rand_addr=0x64010102, @multicast1, @dev={0xac, 0x14, 0x14, 0x38}]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}, @noop, @cipso={0x86, 0x25, 0x1, [{0x5, 0x12, "4661a6d74ccdf8d07983f1f84c4423eb"}, {0x0, 0x8, "f61fa5dd1b18"}, {0x0, 0x5, "937130"}]}, @timestamp_addr={0x44, 0xc, 0x3a, 0x1, 0x4, [{@private=0xa010101, 0x4}]}, @generic={0x7, 0x3, "d3"}]}}}}}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, 0xffffffffffffffff, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f00000005c0)={0x40, 0x0, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000080)={0x40}, 0x10) socket$tipc(0x1e, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x48) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r7 = timerfd_create(0x7, 0x0) timerfd_settime(r7, 0x0, &(0x7f00000002c0)={{}, {0x0, 0x989680}}, 0x0) timerfd_gettime(r7, 0x0) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x2) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) userfaultfd(0x801) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) 1.038831283s ago: executing program 2 (id=1787): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8080}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo\x00') getdents64(r3, &(0x7f0000002f40)=""/4098, 0x1002) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x101ff, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f00000004c0), 0xc, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) fsopen(&(0x7f00000000c0)='hugetlbfs\x00', 0x1) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'syztnl1\x00', &(0x7f0000000180)={'ip6gre0\x00', 0x0, 0x4, 0x98, 0xa, 0x2, 0x20, @mcast1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x7, 0x7849, 0x6, 0x5}}) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={&(0x7f0000000080), 0xc, &(0x7f0000000240)={&(0x7f0000000640)=@delqdisc={0x270, 0x25, 0x8, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0xfff2, 0x3}, {0x0, 0xffe0}, {0x3, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x8, 0x37}}, @TCA_STAB={0x1c8, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0xd5, 0x94, 0xe2, 0xaf9, 0x0, 0x8, 0x2, 0x7}}, {0x12, 0x2, [0x1, 0x3, 0xd7, 0xf, 0x2, 0x81, 0xcb]}}, {{0x1c, 0x1, {0x2, 0x9, 0x2, 0x400, 0x0, 0x7, 0x7, 0x6}}, {0x10, 0x2, [0xd8, 0xff4c, 0x4, 0xfffd, 0x2, 0x9]}}, {{0x1c, 0x1, {0x7, 0x6, 0x1, 0x6, 0x0, 0x1, 0xd99, 0x1}}, {0x6, 0x2, [0x8]}}, {{0x1c, 0x1, {0xf, 0x6, 0x5, 0x2, 0x1, 0x9, 0x2c, 0x9}}, {0x16, 0x2, [0x9, 0x119e, 0x9c, 0x1, 0x7, 0x5, 0x2, 0x1, 0x94fa]}}, {{0x1c, 0x1, {0x1, 0x9, 0x7f, 0x9, 0x2, 0x42f, 0x5, 0xa}}, {0x18, 0x2, [0x2, 0x7f, 0x9, 0x4, 0x40, 0xfffe, 0x0, 0x1, 0x3, 0x1]}}, {{0x1c, 0x1, {0x5, 0xff, 0x7, 0x400, 0x1, 0xfff, 0x7, 0x6}}, {0x10, 0x2, [0xf8a3, 0x8001, 0x9, 0xfbd3, 0x8, 0x3ff]}}, {{0x1c, 0x1, {0x5, 0xff, 0x4, 0xfffffff9, 0x1, 0x4, 0x3ff, 0x6}}, {0x10, 0x2, [0x7, 0x2, 0xfc63, 0x8, 0x9, 0x0]}}, {{0x1c, 0x1, {0x5, 0xf4, 0x2, 0xfffffffd, 0x2, 0x4, 0x6, 0x3}}, {0xa, 0x2, [0x5a6f, 0x3, 0x30]}}, {{0x1c, 0x1, {0x1, 0x81, 0x1a5, 0x2, 0x0, 0x3, 0xa, 0x9}}, {0x16, 0x2, [0x1, 0xe7, 0x80, 0x0, 0x1, 0x63d, 0x6, 0x4, 0x0]}}, {{0x1c, 0x1, {0x80, 0x10, 0x6, 0xb, 0x0, 0x1, 0x0, 0x4}}, {0xc, 0x2, [0x1, 0x100, 0x8, 0x0]}}]}, @qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x0, 0xdb}}}, @TCA_EGRESS_BLOCK={0x8}, @qdisc_kind_options=@q_cake={{0x9}, {0x34, 0x2, [@TCA_CAKE_ATM={0x8, 0x4, 0x1}, @TCA_CAKE_MEMORY={0x8, 0xa, 0x56}, @TCA_CAKE_INGRESS={0x8, 0xf, 0x1}, @TCA_CAKE_FWMARK={0x8, 0x12, 0x3}, @TCA_CAKE_SPLIT_GSO={0x8, 0x11, 0x1}, @TCA_CAKE_RAW={0x8, 0xc, 0x1}]}}, @qdisc_kind_options=@q_pfifo={{0xa}, {0x8, 0x2, 0x2}}, @TCA_EGRESS_BLOCK={0x8}]}, 0x270}, 0x1, 0x0, 0x0, 0x40080c6}, 0x8) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = socket(0x840000000002, 0x3, 0x104) connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @empty}, 0x10) sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaa97aaaaffffffff29ff86dd600a843500140600fe0000000000000000bbfe8000000000000000000000000000aa00"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) syz_emit_ethernet(0xae, &(0x7f0000000000)=ANY=[@ANYRES64=r6], 0x0) 1.030627261s ago: executing program 4 (id=1788): socket$alg(0x26, 0x5, 0x0) r0 = fsopen(&(0x7f0000000040)='efs\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1}, 0x0, &(0x7f00000003c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0}, 0x20) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000100)='c:::/', 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x1e, 0x4, &(0x7f0000000680)=ANY=[], &(0x7f0000000640)='syzkaller\x00', 0x4, 0x98, &(0x7f0000000180)=""/152, 0x0, 0x0, '\x00', 0x0, 0x33}, 0x90) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x0, 0x8, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x4, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r2}, &(0x7f0000000380), &(0x7f00000003c0)}, 0x20) unshare(0x22040400) r4 = syz_open_dev$evdev(&(0x7f0000000340), 0x48, 0x1) syz_usb_disconnect(r4) syz_usb_connect(0x4, 0x24, &(0x7f0000000100)=ANY=[], 0x0) ioctl$EVIOCRMFF(r4, 0x40085507, &(0x7f00000003c0)) syz_usb_connect(0x5, 0x0, 0x0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x0, 0x0}, {0x4, &(0x7f0000000540)=@lang_id={0x4, 0x3, 0x41a}}, {0xf7, &(0x7f0000000a40)=ANY=[@ANYRESHEX=r3]}, {0x0, 0x0}]}) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x6e, &(0x7f0000000780)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086dd6002adf700383a00fe880000000000000000000000000001ff020000000000000000000000000001040090780000000060fd906300403a0000000000000000000000ffffac1414aa00000000000000000000ffffac1414aa1e520b4c951ee12e498924c7dc65397852a8bd76be1a00df5f4540f561c798c7f0f4f28b75c39889911933100fb81f82f2e91a7a837723a5046243b5dcfc97e4a53d55ac2cba9275598ff6a4c75332b80ea65dab548259352a0acbc97136c35f9e38ea80523c70452aaef90f6c245a4b5b85b18bbc5669df3961514bb36ffd7564f3208484de4ab809c678fb16b1e2"], 0x0) 607.76445ms ago: executing program 3 (id=1789): r0 = eventfd2(0x0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = dup3(r1, r0, 0x0) ioctl$SIOCGSTAMPNS(r2, 0x8907, &(0x7f0000000080)) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) setsockopt$sock_void(0xffffffffffffffff, 0x1, 0x1b, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000240)={0x1d, r4, 0x100, {0x0, 0x0, 0x4}}, 0x18) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r6 = syz_io_uring_setup(0x24f8, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000080)=0x0) r9 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r9, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) syz_io_uring_submit(r7, r8, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r9, 0x80, &(0x7f0000000200)=@in6={0xa, 0x0, 0x0, @dev}}) io_uring_enter(r6, 0x5b43, 0x0, 0x0, 0x0, 0x0) setsockopt$sock_int(r9, 0x1, 0x7, &(0x7f0000000740), 0x4) write$cgroup_int(r5, &(0x7f0000000200), 0xf000) getsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000100), &(0x7f0000000140)=0x4) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r3, &(0x7f0000001500)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[], 0x4c}}, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000000280)=""/181, 0xb5}], 0x1) 357.040756ms ago: executing program 2 (id=1790): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f000000bdc0)={'wlan1\x00'}) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c340000000000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r2, &(0x7f00000001c0)={0x24, &(0x7f0000000dc0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, &(0x7f0000000240)={0x2c, &(0x7f0000000000)={0x0, 0x23, 0xbd, {0xbd, 0x9, "72a3468a83b65674ef7c8f704360f09c5ab92d78ed844fd52086f641e0f14d3dbed960563335b738155ad4c5d14a23f70bd2d2eeee3551b301bedb51cee68e23cc2281683e9261aee0f61ebaeea3f69339199a13ed83e7859451f0b29b5c02f9977f62b722e015f5da87f71dce6bac54cefc310be6d2b1a2b7a301f4be15f8b11f1b44aa5515cf000000000000000074362d220e1068267f56ce16aa85ce57c34840c92c08445323feabdd79a3a869919f095a94dba8ea8bb9de01"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1004}}, &(0x7f0000000140)={0x0, 0xf, 0x26, {0x5, 0xf, 0x26, 0x4, [@ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0x9, 0x1ef00, 0x200, [0x3f00, 0xffc000]}, @ptm_cap={0x3}, @ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x8, 0x9, 0x6}]}}, &(0x7f0000000180)={0x20, 0x29, 0xf, {0xf, 0x29, 0x74, 0x3, 0x0, 0x9, "23a7d238", "b9869171"}}, &(0x7f0000000200)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x1, 0x18, 0x90, 0x9b, 0x6, 0x335f, 0x2}}}, &(0x7f0000000700)={0x84, &(0x7f0000000280)={0x20, 0x1, 0x92, "000848b6bf532c3548f6f65be1043cb8ae782ced044228b6004ca4ae36a6d63daf2b5ea4d90ff809343f0c79980b25dd531702fae65c071e2e75f3cec00753d0ae8cc559049951ebadaffea8aeb9854285851fe3422a1a363824647de926262cb40144adae1685ba1b895b9d05c702c6688a571d809e179c9086f4c8d483cd87a1064a5931d20d963ed14d7c6bd1e5fb939a"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x40}, &(0x7f0000000380)={0x0, 0x8, 0x1}, &(0x7f00000003c0)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x120, 0x8}}, &(0x7f0000000440)={0x40, 0x7, 0x2}, &(0x7f0000000480)={0x40, 0x9, 0x1}, &(0x7f00000004c0)={0x40, 0xb, 0x2, 'xJ'}, &(0x7f0000000500)={0x40, 0xf, 0x2, 0x7ff}, &(0x7f0000000540)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}}, &(0x7f0000000580)={0x40, 0x17, 0x6, @remote}, &(0x7f00000005c0)={0x40, 0x19, 0x2, "03a3"}, &(0x7f0000000600)={0x40, 0x1a, 0x2, 0x1611}, &(0x7f0000000640)={0x40, 0x1c, 0x1, 0xf}, &(0x7f0000000680)={0x40, 0x1e, 0x1, 0x4}, &(0x7f00000006c0)={0x40, 0x21, 0x1, 0x3}}) syz_usb_control_io(r2, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) getpid() r4 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r4, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000280)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0xfff9, 0x0, 0xffffffff, 0x8}, 0x9c) socket$nl_route(0x10, 0x3, 0x0) pipe(0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x3000003, 0x200000006c832, 0xffffffffffffffff, 0x0) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000640)={{@my=0x1}, @hyper, 0x0, 0x2925, 0x0, 0x20000000, 0x4}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r5, 0x7a4, &(0x7f0000000040)={{@my=0x1}}) syz_usb_control_io$hid(r2, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 0s ago: executing program 4 (id=1792): socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000280)={&(0x7f0000000900)=ANY=[@ANYBLOB="20000000a234dece55b8f05e66db7c145183f0507fe985244380a2d0331567e39ab5af4be3246be00dbec30c08000000f67fa4e7edcfe046133d64d9c4f2a11d5c904954103fa6f58180b0d94b7005ee681d7dff234b0a6a03c4ce21dda745f5c2cb12813fa73ada4391ac5b11287d48b38972f4f3b1ea646f4c793fa6ae1af2fb6a527410adb3455175c8d452fcb59609dc2ad5c94bd3ebba73ebaeee4b9bf4dc8c76caacc6396ac00f04", @ANYRES16=r1, @ANYRES32, @ANYBLOB="da2112f059fc6884d6378069910918b568f35973c5e9b8dca5253bb108c18742b708437e3fa30b88e6cecec055c19da9342f69ad185ed8aa060ef69d655d45a27631092b27572573b97f993beec492da6dc501ad8dc8bbac185ee0ee476859af1141532a44a041bd6ac8c84dffbfe401a4211261757870636a054551a14c46569232c2b1c365cf9bc2fe807033b8f1db1ac977e2898ccc28a2cd5cd4610f8c664d461dd496f35f2c03b180a7d33ceb9f8fd98981"], 0x20}}, 0x20040000) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) r2 = io_uring_setup(0x666, &(0x7f00000002c0)={0x0, 0x4cf, 0x40, 0x0, 0x2}) r3 = socket(0x40000000015, 0x5, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000600), 0x12) r6 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) read$FUSE(r6, &(0x7f0000002a40)={0x2020}, 0x2020) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f00006dbffc), 0x4) bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000003c0)="fe", 0x1}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b1f978fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6f0765ac61f8a91acf0195abc177e56cc91a9c11ccf95d2a58de5494e66cfa1e758438ee4bb163ee05927e551e4d05b308a0eb01cea0e43", 0x480}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x0) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000040)={0x0, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e21, @private=0xa010102}, {0x2, 0x4e23, @private=0xa010100}, 0x81, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)='macvtap0\x00', 0x2, 0x4, 0x7}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x41, 0x3, 0x248, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1b0, 0x1f0, 0x1f0, 0x1b0, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @broadcast, 0x0, 0x0, 'wlan1\x00', 'wg1\x00', {}, {}, 0x6}, 0x0, 0xb8, 0xe0, 0x0, {0x0, 0xffffffffa0028000}, [@common=@ttl={{0x28}}, @common=@socket0={{0x20}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ip={@dev, @multicast2, 0x0, 0x0, 'xfrm0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2a8) close_range(r2, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): rintk_skb: 11 callbacks suppressed [ 368.975149][ T29] audit: type=1326 audit(1720374932.619:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11075 comm="syz.3.1349" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d2e175bd9 code=0x0 [ 369.044128][T11054] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 369.057766][T11054] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.289353][ T5102] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 369.319152][ T5102] asix 5-1:0.0: probe with driver asix failed with error -71 [ 369.350328][ T5102] usb 5-1: USB disconnect, device number 37 [ 369.422812][T11084] netlink: 192 bytes leftover after parsing attributes in process `syz.0.1350'. [ 369.531491][T11086] netlink: 'syz.1.1352': attribute type 72 has an invalid length. [ 370.145011][T11096] FAULT_INJECTION: forcing a failure. [ 370.145011][T11096] name failslab, interval 1, probability 0, space 0, times 0 [ 370.169264][T11096] CPU: 1 PID: 11096 Comm: syz.4.1356 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 370.179480][T11096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 370.189536][T11096] Call Trace: [ 370.192804][T11096] [ 370.195718][T11096] dump_stack_lvl+0x241/0x360 [ 370.200389][T11096] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.205569][T11096] ? __pfx__printk+0x10/0x10 [ 370.210145][T11096] ? __pfx___might_resched+0x10/0x10 [ 370.215422][T11096] should_fail_ex+0x3b0/0x4e0 [ 370.220087][T11096] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 370.225785][T11096] should_failslab+0x9/0x20 [ 370.230292][T11096] __kmalloc_noprof+0xd8/0x400 [ 370.235090][T11096] ? kfree+0x4e/0x360 [ 370.239099][T11096] tomoyo_realpath_from_path+0xcf/0x5e0 [ 370.244674][T11096] tomoyo_path_number_perm+0x23a/0x880 [ 370.250158][T11096] ? tomoyo_path_number_perm+0x208/0x880 [ 370.255813][T11096] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 370.261853][T11096] ? __fget_files+0x29/0x470 [ 370.266466][T11096] ? __fget_files+0x3f6/0x470 [ 370.271156][T11096] ? __fget_files+0x29/0x470 [ 370.275769][T11096] security_file_ioctl+0x75/0xb0 [ 370.280734][T11096] __se_sys_ioctl+0x47/0x170 [ 370.285349][T11096] do_syscall_64+0xf3/0x230 [ 370.289877][T11096] ? clear_bhb_loop+0x35/0x90 [ 370.294575][T11096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.300489][T11096] RIP: 0033:0x7f6907375bd9 [ 370.304965][T11096] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.324564][T11096] RSP: 002b:00007f6908176048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 370.333071][T11096] RAX: ffffffffffffffda RBX: 00007f6907503f60 RCX: 00007f6907375bd9 [ 370.341062][T11096] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 370.349061][T11096] RBP: 00007f69081760a0 R08: 0000000000000000 R09: 0000000000000000 [ 370.357026][T11096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.365077][T11096] R13: 000000000000000b R14: 00007f6907503f60 R15: 00007f690762fa68 [ 370.373057][T11096] [ 370.457830][T11096] ERROR: Out of memory at tomoyo_realpath_from_path. [ 371.053667][T11123] fuse: Bad value for 'user_id' [ 371.093645][T11122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1364'. [ 371.209189][T11131] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.1367'. [ 371.236774][ T5102] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 371.438371][ T5102] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 371.464186][ T5102] usb 5-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 371.474067][ T5102] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.485154][ T5102] usb 5-1: config 0 descriptor?? [ 371.509098][ T5102] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 371.726754][ T25] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 371.914820][T11150] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 371.926461][ T25] usb 4-1: Using ep0 maxpacket: 8 [ 371.942185][ T25] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 371.964283][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.993876][ T25] usb 4-1: config 0 descriptor?? [ 372.427981][ T53] Bluetooth: Unexpected start frame (len 12) [ 372.455522][T11163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.466531][T11163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.855994][T11170] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 373.209051][ T25] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 373.233516][ T25] asix 4-1:0.0: probe with driver asix failed with error -71 [ 373.250965][ T25] usb 4-1: USB disconnect, device number 34 [ 373.987754][T11183] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.1380'. [ 374.014150][ T5149] usb 5-1: USB disconnect, device number 38 [ 374.672277][T11197] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 374.678815][T11197] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 374.716772][T11197] vhci_hcd vhci_hcd.0: Device attached [ 374.750926][T11200] vhci_hcd: connection closed [ 374.751119][ T1057] vhci_hcd: stop threads [ 374.769245][ T1057] vhci_hcd: release socket [ 374.775207][ T1057] vhci_hcd: disconnect device [ 374.808749][ T5150] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 375.026753][ T5150] usb 4-1: Using ep0 maxpacket: 32 [ 375.082036][ T5150] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b [ 375.096737][ T5150] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.117930][ T5150] usb 4-1: config 0 descriptor?? [ 375.148222][ T5150] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 375.377896][T11224] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 375.393931][ T1095] usb 4-1: Failed to submit usb control message: -71 [ 375.410492][ T5150] usb 4-1: USB disconnect, device number 35 [ 375.413590][ T1095] usb 4-1: unable to send the bmi data to the device: -71 [ 375.449743][ T1095] usb 4-1: unable to get target info from device [ 375.493644][ T1095] usb 4-1: could not get target info (-71) [ 375.499892][ T1095] usb 4-1: could not probe fw (-71) [ 375.676735][ T25] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 375.896679][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 375.913672][ T25] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 375.942396][ T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.962061][ T25] usb 2-1: config 0 descriptor?? [ 376.036748][ T5150] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 376.258999][ T5150] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 376.295390][ T5150] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 376.318391][T11239] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 376.348264][ T5150] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 376.369265][T11241] netlink: 1752 bytes leftover after parsing attributes in process `syz.3.1395'. [ 376.375689][T11239] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.389846][ T5150] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.433114][ T5150] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 376.633201][ T5150] gspca_sn9c2028: read1 error -32 [ 376.679199][ T5150] gspca_sn9c2028: read1 error -32 [ 377.064616][ T25] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 377.120240][ T25] asix 2-1:0.0: probe with driver asix failed with error -71 [ 377.156770][ T25] usb 2-1: USB disconnect, device number 38 [ 378.051920][T11262] FAULT_INJECTION: forcing a failure. [ 378.051920][T11262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 378.073704][T11262] CPU: 0 PID: 11262 Comm: syz.1.1401 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 378.083894][T11262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 378.093950][T11262] Call Trace: [ 378.097228][T11262] [ 378.100151][T11262] dump_stack_lvl+0x241/0x360 [ 378.104835][T11262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.110041][T11262] ? __pfx__printk+0x10/0x10 [ 378.114643][T11262] ? snprintf+0xda/0x120 [ 378.118904][T11262] should_fail_ex+0x3b0/0x4e0 [ 378.123600][T11262] _copy_to_user+0x2f/0xb0 [ 378.128036][T11262] simple_read_from_buffer+0xca/0x150 [ 378.133421][T11262] proc_fail_nth_read+0x1e9/0x250 [ 378.138439][T11262] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 378.143985][T11262] ? rw_verify_area+0x520/0x6b0 [ 378.148842][T11262] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 378.154375][T11262] vfs_read+0x204/0xbc0 [ 378.158548][T11262] ? __pfx_lock_release+0x10/0x10 [ 378.163580][T11262] ? do_sock_setsockopt+0x3e2/0x720 [ 378.168769][T11262] ? __pfx_vfs_read+0x10/0x10 [ 378.173432][T11262] ? __fget_files+0x29/0x470 [ 378.178009][T11262] ? __fget_files+0x3f6/0x470 [ 378.182677][T11262] ksys_read+0x1a0/0x2c0 [ 378.186906][T11262] ? __pfx_ksys_read+0x10/0x10 [ 378.191657][T11262] ? do_syscall_64+0x100/0x230 [ 378.196411][T11262] ? do_syscall_64+0xb6/0x230 [ 378.201174][T11262] do_syscall_64+0xf3/0x230 [ 378.205665][T11262] ? clear_bhb_loop+0x35/0x90 [ 378.210341][T11262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.216234][T11262] RIP: 0033:0x7f8244d746bc [ 378.220636][T11262] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 378.240240][T11262] RSP: 002b:00007f8245b1f040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 378.248639][T11262] RAX: ffffffffffffffda RBX: 00007f8244f04038 RCX: 00007f8244d746bc [ 378.256600][T11262] RDX: 000000000000000f RSI: 00007f8245b1f0b0 RDI: 0000000000000004 [ 378.264568][T11262] RBP: 00007f8245b1f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 378.272524][T11262] R10: 0000000020000240 R11: 0000000000000246 R12: 0000000000000001 [ 378.280502][T11262] R13: 000000000000006e R14: 00007f8244f04038 R15: 00007f824502fa68 [ 378.288468][T11262] [ 378.417742][T11270] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 378.649311][ T5150] usb 3-1: USB disconnect, device number 45 [ 378.769847][ T25] usb 4-1: new low-speed USB device number 36 using dummy_hcd [ 378.899610][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.906008][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.947436][ T25] usb 4-1: device descriptor read/64, error -71 [ 379.256892][ T25] usb 4-1: new low-speed USB device number 37 using dummy_hcd [ 379.406727][ T25] usb 4-1: device descriptor read/64, error -71 [ 379.527368][ T25] usb usb4-port1: attempt power cycle [ 379.674582][T11297] FAULT_INJECTION: forcing a failure. [ 379.674582][T11297] name failslab, interval 1, probability 0, space 0, times 0 [ 379.712040][T11297] CPU: 0 PID: 11297 Comm: syz.1.1414 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 379.722238][T11297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 379.732322][T11297] Call Trace: [ 379.735616][T11297] [ 379.738586][T11297] dump_stack_lvl+0x241/0x360 [ 379.743277][T11297] ? __pfx_dump_stack_lvl+0x10/0x10 [ 379.748478][T11297] ? __pfx__printk+0x10/0x10 [ 379.753094][T11297] ? ref_tracker_alloc+0x332/0x490 [ 379.758220][T11297] should_fail_ex+0x3b0/0x4e0 [ 379.762917][T11297] ? skb_clone+0x20c/0x390 [ 379.767343][T11297] should_failslab+0x9/0x20 [ 379.771848][T11297] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 379.777226][T11297] skb_clone+0x20c/0x390 [ 379.781472][T11297] __netlink_deliver_tap+0x3cc/0x7c0 [ 379.786763][T11297] ? netlink_deliver_tap+0x2e/0x1b0 [ 379.791958][T11297] netlink_deliver_tap+0x19d/0x1b0 [ 379.797155][T11297] netlink_unicast+0x7b8/0x980 [ 379.801920][T11297] ? __pfx_netlink_unicast+0x10/0x10 [ 379.807197][T11297] ? __virt_addr_valid+0x183/0x520 [ 379.812305][T11297] ? __check_object_size+0x49c/0x900 [ 379.817590][T11297] ? bpf_lsm_netlink_send+0x9/0x10 [ 379.822699][T11297] netlink_sendmsg+0x8db/0xcb0 [ 379.827466][T11297] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.832755][T11297] ? __import_iovec+0x536/0x820 [ 379.837594][T11297] ? aa_sock_msg_perm+0x91/0x160 [ 379.842528][T11297] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 379.847803][T11297] ? security_socket_sendmsg+0x87/0xb0 [ 379.853257][T11297] ? __pfx_netlink_sendmsg+0x10/0x10 [ 379.858537][T11297] __sock_sendmsg+0x221/0x270 [ 379.863213][T11297] ____sys_sendmsg+0x525/0x7d0 [ 379.867979][T11297] ? __pfx_____sys_sendmsg+0x10/0x10 [ 379.873340][T11297] __sys_sendmsg+0x2b0/0x3a0 [ 379.877926][T11297] ? __pfx___sys_sendmsg+0x10/0x10 [ 379.883027][T11297] ? vfs_write+0x7c4/0xc90 [ 379.887467][T11297] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 379.893810][T11297] ? do_syscall_64+0x100/0x230 [ 379.898587][T11297] ? do_syscall_64+0xb6/0x230 [ 379.903278][T11297] do_syscall_64+0xf3/0x230 [ 379.907796][T11297] ? clear_bhb_loop+0x35/0x90 [ 379.912479][T11297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 379.918374][T11297] RIP: 0033:0x7f8244d75bd9 [ 379.922782][T11297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 379.942387][T11297] RSP: 002b:00007f8245b40048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 379.950802][T11297] RAX: ffffffffffffffda RBX: 00007f8244f03f60 RCX: 00007f8244d75bd9 [ 379.958764][T11297] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 379.966725][T11297] RBP: 00007f8245b400a0 R08: 0000000000000000 R09: 0000000000000000 [ 379.974775][T11297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 379.982739][T11297] R13: 000000000000000b R14: 00007f8244f03f60 R15: 00007f824502fa68 [ 379.990716][T11297] [ 379.993892][ C0] vkms_vblank_simulate: vblank timer overrun [ 380.096727][ T25] usb 4-1: new low-speed USB device number 38 using dummy_hcd [ 380.128293][ T25] usb 4-1: device descriptor read/8, error -71 [ 380.185237][ T51] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.397240][ T25] usb 4-1: new low-speed USB device number 39 using dummy_hcd [ 380.413554][ T5096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 380.433868][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 380.446970][ T5096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 380.461071][ T5096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 380.468891][ T5096] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 380.476159][ T5096] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 380.537009][ T25] usb 4-1: device descriptor read/8, error -71 [ 380.604043][ T51] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.664716][ T25] usb usb4-port1: unable to enumerate USB device [ 380.719896][ T51] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.724951][T11312] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 380.926501][ T51] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.398117][ T51] bridge_slave_1: left allmulticast mode [ 381.404722][ T51] bridge_slave_1: left promiscuous mode [ 381.422497][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 381.452609][ T51] bridge_slave_0: left allmulticast mode [ 381.472068][ T51] bridge_slave_0: left promiscuous mode [ 381.489687][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 382.487574][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 382.545233][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 382.577142][ T53] Bluetooth: hci0: command tx timeout [ 382.640561][ T51] bond0 (unregistering): Released all slaves [ 382.872209][T11302] chnl_net:caif_netlink_parms(): no params data found [ 383.097180][T11352] netlink: 'syz.1.1430': attribute type 3 has an invalid length. [ 383.749483][ T51] hsr_slave_0: left promiscuous mode [ 383.762682][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 383.776479][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 383.785336][ T5096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 383.804729][ T5096] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 383.813413][ T5096] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 383.827254][ T5096] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 383.872927][ T51] hsr_slave_1: left promiscuous mode [ 383.927591][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 383.946817][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 384.009882][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 384.045333][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 384.191610][ T51] veth1_macvtap: left promiscuous mode [ 384.217531][ T51] veth0_macvtap: left promiscuous mode [ 384.223281][ T51] veth1_vlan: left promiscuous mode [ 384.244536][ T51] veth0_vlan: left promiscuous mode [ 384.659254][ T5096] Bluetooth: hci0: command tx timeout [ 384.700865][ T53] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 384.729922][ T53] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 384.763816][ T53] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 384.781645][ T53] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 384.825851][ T53] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 384.838424][ T53] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 385.681114][ T51] team0 (unregistering): Port device team_slave_1 removed [ 385.735412][ T51] team0 (unregistering): Port device team_slave_0 removed [ 385.950432][ T5096] Bluetooth: hci4: command tx timeout [ 386.403791][T11302] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.440037][T11302] bridge0: port 1(bridge_slave_0) entered disabled state [ 386.460251][T11302] bridge_slave_0: entered allmulticast mode [ 386.474238][T11302] bridge_slave_0: entered promiscuous mode [ 386.487231][T11302] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.494465][T11302] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.502275][T11302] bridge_slave_1: entered allmulticast mode [ 386.517858][T11302] bridge_slave_1: entered promiscuous mode [ 386.563888][T11423] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 386.646702][ T25] IPVS: starting estimator thread 0... [ 386.663652][T11420] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 386.696009][T11302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 386.736923][ T5096] Bluetooth: hci0: command tx timeout [ 386.736943][T11426] IPVS: using max 22 ests per chain, 52800 per kthread [ 386.759788][T11302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 386.896990][ T5096] Bluetooth: hci2: command tx timeout [ 386.938774][T11302] team0: Port device team_slave_0 added [ 386.999587][T11302] team0: Port device team_slave_1 added [ 387.036801][ T25] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 387.128352][T11302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.136123][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.177613][T11302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 387.251572][T11383] chnl_net:caif_netlink_parms(): no params data found [ 387.264013][T11302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 387.271158][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 387.286445][T11302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.287861][ T25] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 387.336793][T11302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 387.398481][ T25] usb 4-1: config 0 has no interface number 0 [ 387.404644][ T25] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 387.424821][ T25] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024 [ 387.448239][ T25] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 387.458563][ T25] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 387.491833][ T25] usb 4-1: Product: syz [ 387.523049][ T25] usb 4-1: Manufacturer: syz [ 387.544011][ T25] usb 4-1: SerialNumber: syz [ 387.560559][ T25] usb 4-1: config 0 descriptor?? [ 387.568614][ T25] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected [ 387.584649][ T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81 [ 387.597618][ T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1 [ 387.626150][ T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 387.651456][ T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2 [ 387.664879][ T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 387.676410][ T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4 [ 387.679741][T11302] hsr_slave_0: entered promiscuous mode [ 387.702727][T11302] hsr_slave_1: entered promiscuous mode [ 387.706903][ T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 387.725600][T11302] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 387.734486][T11302] Cannot create hsr debugfs directory [ 387.738177][ T25] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6 [ 387.764573][ T25] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 387.833110][ T51] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 387.850940][ T5150] usb 4-1: USB disconnect, device number 40 [ 387.904615][ T5150] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 387.925257][ T5150] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 387.962883][T11400] chnl_net:caif_netlink_parms(): no params data found [ 387.970644][ T5150] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 388.017701][ T5096] Bluetooth: hci4: command tx timeout [ 388.024776][ T5150] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 388.035575][ T5150] keyspan 4-1:0.107: device disconnected [ 388.087940][ T51] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.212691][ T51] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.281886][T11383] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.301370][T11383] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.314631][T11383] bridge_slave_0: entered allmulticast mode [ 388.332711][T11383] bridge_slave_0: entered promiscuous mode [ 388.350140][T11383] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.366237][T11383] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.374509][T11383] bridge_slave_1: entered allmulticast mode [ 388.391492][T11383] bridge_slave_1: entered promiscuous mode [ 388.396721][ T25] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 388.517202][ T51] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 388.587456][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 388.607872][ T25] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 388.620502][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.628710][ T25] usb 3-1: Product: syz [ 388.632897][ T25] usb 3-1: Manufacturer: syz [ 388.637602][ T25] usb 3-1: SerialNumber: syz [ 388.657085][ T25] usb 3-1: config 0 descriptor?? [ 388.680950][ T25] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 388.785015][T11383] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 388.816795][ T5096] Bluetooth: hci0: command tx timeout [ 388.836219][T11400] bridge0: port 1(bridge_slave_0) entered blocking state [ 388.844961][T11400] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.852746][T11400] bridge_slave_0: entered allmulticast mode [ 388.864796][T11400] bridge_slave_0: entered promiscuous mode [ 388.880750][T11383] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 388.919021][T11400] bridge0: port 2(bridge_slave_1) entered blocking state [ 388.928556][T11400] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.939591][T11400] bridge_slave_1: entered allmulticast mode [ 388.954663][T11400] bridge_slave_1: entered promiscuous mode [ 388.987817][ T5096] Bluetooth: hci2: command tx timeout [ 388.993399][T11383] team0: Port device team_slave_0 added [ 389.051386][T11400] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 389.070089][T11383] team0: Port device team_slave_1 added [ 389.149921][T11400] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 389.382942][T11400] team0: Port device team_slave_0 added [ 389.405483][T11400] team0: Port device team_slave_1 added [ 389.421878][T11383] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 389.444054][T11383] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.471611][T11383] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.533761][ T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.689571][ T25] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 389.709921][ T25] usb 3-1: USB disconnect, device number 46 [ 389.723108][T11383] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.735290][T11383] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.761390][T11383] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 389.810003][ T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 389.868623][T11400] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 389.875586][T11400] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.906501][T11400] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 389.921865][T11400] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 389.928978][T11400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 389.956468][T11400] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 390.076538][ T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.096828][ T5096] Bluetooth: hci4: command tx timeout [ 390.335775][T11496] netlink: 172 bytes leftover after parsing attributes in process `syz.2.1463'. [ 390.473019][ T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 390.546106][T11400] hsr_slave_0: entered promiscuous mode [ 390.564496][T11400] hsr_slave_1: entered promiscuous mode [ 390.570895][T11400] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 390.586754][T11400] Cannot create hsr debugfs directory [ 390.623628][T11383] hsr_slave_0: entered promiscuous mode [ 390.674379][T11383] hsr_slave_1: entered promiscuous mode [ 390.680991][T11383] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 390.688954][T11383] Cannot create hsr debugfs directory [ 391.060536][ T5096] Bluetooth: hci2: command tx timeout [ 391.114003][T11509] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 391.125457][T11302] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 391.231242][T11302] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 391.253994][ T51] bridge_slave_1: left allmulticast mode [ 391.266795][ T51] bridge_slave_1: left promiscuous mode [ 391.276636][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.304547][ T51] bridge_slave_0: left allmulticast mode [ 391.322169][ T51] bridge_slave_0: left promiscuous mode [ 391.346195][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.370273][ T51] bridge_slave_1: left allmulticast mode [ 391.375969][ T51] bridge_slave_1: left promiscuous mode [ 391.403850][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.425155][ T51] bridge_slave_0: left allmulticast mode [ 391.433176][ T51] bridge_slave_0: left promiscuous mode [ 391.446849][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.479104][ T51] bridge_slave_1: left allmulticast mode [ 391.484808][ T51] bridge_slave_1: left promiscuous mode [ 391.491466][ T51] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.502192][ T51] bridge_slave_0: left allmulticast mode [ 391.523206][ T51] bridge_slave_0: left promiscuous mode [ 391.535352][ T51] bridge0: port 1(bridge_slave_0) entered disabled state [ 391.546928][ T5149] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 391.746732][ T5149] usb 4-1: Using ep0 maxpacket: 16 [ 391.759390][ T5149] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 391.773772][ T5149] usb 4-1: config 0 has no interface number 0 [ 391.787351][ T5149] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 391.816948][ T5149] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024 [ 391.834001][ T5149] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 391.844218][ T5149] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 391.852737][ T5149] usb 4-1: Product: syz [ 391.858054][ T5149] usb 4-1: Manufacturer: syz [ 391.863661][ T5149] usb 4-1: SerialNumber: syz [ 391.897762][ T5149] usb 4-1: config 0 descriptor?? [ 391.913751][ T5149] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected [ 391.924227][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81 [ 391.946235][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1 [ 391.967567][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 391.984000][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2 [ 392.012985][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 392.033651][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4 [ 392.063478][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 392.075761][ T5149] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6 [ 392.101250][ T5149] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 392.177255][ T5096] Bluetooth: hci4: command tx timeout [ 392.300661][ T25] usb 4-1: USB disconnect, device number 41 [ 392.343282][ T25] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 392.379932][ T25] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 392.413890][ T25] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 392.443465][ T25] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 392.471709][ T25] keyspan 4-1:0.107: device disconnected [ 393.014420][T11539] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1471'. [ 393.149205][ T5096] Bluetooth: hci2: command tx timeout [ 393.245821][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.260729][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.274836][ T51] bond0 (unregistering): Released all slaves [ 393.382612][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.393720][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.405008][ T51] bond0 (unregistering): Released all slaves [ 393.513013][ T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 393.525370][ T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 393.536257][ T51] bond0 (unregistering): Released all slaves [ 393.565069][T11302] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 393.586064][T11302] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 393.864010][T11544] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 394.400599][T11552] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 395.145621][T11302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 395.362886][T11302] 8021q: adding VLAN 0 to HW filter on device team0 [ 395.482715][ T51] hsr_slave_0: left promiscuous mode [ 395.500867][ T51] hsr_slave_1: left promiscuous mode [ 395.526101][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.534061][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.566166][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.591663][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 395.608740][ T51] hsr_slave_0: left promiscuous mode [ 395.615305][ T51] hsr_slave_1: left promiscuous mode [ 395.623579][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.631464][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.640015][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.647960][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 395.670950][ T51] hsr_slave_0: left promiscuous mode [ 395.687731][ T51] hsr_slave_1: left promiscuous mode [ 395.697827][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 395.715842][ T51] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 395.734663][ T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 395.754084][ T51] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 395.863513][ T51] veth1_macvtap: left promiscuous mode [ 395.877021][ T51] veth0_macvtap: left promiscuous mode [ 395.888882][ T51] veth1_vlan: left promiscuous mode [ 395.894246][ T51] veth0_vlan: left promiscuous mode [ 395.915126][ T51] veth1_macvtap: left promiscuous mode [ 395.924880][ T51] veth0_macvtap: left promiscuous mode [ 395.931821][ T51] veth1_vlan: left promiscuous mode [ 395.947257][ T51] veth0_vlan: left promiscuous mode [ 395.961747][ T51] veth1_macvtap: left promiscuous mode [ 395.976202][ T51] veth0_macvtap: left promiscuous mode [ 395.997697][ T51] veth1_vlan: left promiscuous mode [ 396.003087][ T51] veth0_vlan: left promiscuous mode [ 396.380070][T11585] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1480'. [ 396.886899][ T25] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 396.968054][ T51] team0 (unregistering): Port device team_slave_1 removed [ 397.012588][ T51] team0 (unregistering): Port device team_slave_0 removed [ 397.077919][ T25] usb 3-1: Using ep0 maxpacket: 32 [ 397.089110][ T25] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b [ 397.098539][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.112362][ T25] usb 3-1: config 0 descriptor?? [ 397.153178][ T25] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 397.352180][ T1100] usb 3-1: Failed to submit usb control message: -71 [ 397.361461][ T5149] usb 3-1: USB disconnect, device number 47 [ 397.371966][ T1100] usb 3-1: unable to send the bmi data to the device: -71 [ 397.382798][ T1100] usb 3-1: unable to get target info from device [ 397.391135][ T1100] usb 3-1: could not get target info (-71) [ 397.397194][ T1100] usb 3-1: could not probe fw (-71) [ 397.882722][ T51] team0 (unregistering): Port device team_slave_1 removed [ 397.924932][ T51] team0 (unregistering): Port device team_slave_0 removed [ 398.474118][T11597] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 399.135482][ T51] team0 (unregistering): Port device team_slave_1 removed [ 399.205366][ T51] team0 (unregistering): Port device team_slave_0 removed [ 399.808360][ T5150] bridge0: port 1(bridge_slave_0) entered blocking state [ 399.815538][ T5150] bridge0: port 1(bridge_slave_0) entered forwarding state [ 399.904178][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.911413][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 400.250262][T11302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 400.304509][T11383] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 400.340829][T11383] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 400.367803][T11383] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 400.454942][T11383] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 400.630405][T11400] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 400.687337][T11302] veth0_vlan: entered promiscuous mode [ 400.735149][T11400] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 400.787001][T11400] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 400.839912][T11400] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 400.903886][T11302] veth1_vlan: entered promiscuous mode [ 401.106006][ T51] IPVS: stop unused estimator thread 0... [ 401.132891][T11302] veth0_macvtap: entered promiscuous mode [ 401.143309][T11628] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1489'. [ 401.177020][T11302] veth1_macvtap: entered promiscuous mode [ 401.316184][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 401.356754][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.393897][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 401.419587][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.446221][T11302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.506456][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 401.554841][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.578594][T11302] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 401.590021][T11302] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.602704][T11302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 401.660924][T11400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.691807][T11302] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.711442][T11302] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.720482][T11302] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.735435][T11302] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 401.764970][T11383] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.786770][ T9] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 401.881311][T11383] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.918949][T11400] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.964547][T11647] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.971751][T11647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 401.992580][T11647] bridge0: port 2(bridge_slave_1) entered blocking state [ 401.999789][T11647] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.016235][ T9] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 402.027401][ T9] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 402.046095][ T9] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 402.056997][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.081300][ T9] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 402.103698][T11647] bridge0: port 1(bridge_slave_0) entered blocking state [ 402.110839][T11647] bridge0: port 1(bridge_slave_0) entered forwarding state [ 402.134433][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.146748][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.180044][T11647] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.187320][T11647] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.281829][ T9] gspca_sn9c2028: read1 error -32 [ 402.347763][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.366474][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.401974][T11383] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 402.531743][ T9] gspca_sn9c2028: read1 error -71 [ 402.565591][ T9] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71 [ 402.596797][ T1736] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 402.602627][T11383] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 402.622948][ T9] usb 4-1: USB disconnect, device number 42 [ 402.639430][T11400] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 402.659360][T11660] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 402.804500][T11383] veth0_vlan: entered promiscuous mode [ 402.813373][ T1736] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 402.820597][T11400] veth0_vlan: entered promiscuous mode [ 402.846656][ T1736] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 402.863630][T11400] veth1_vlan: entered promiscuous mode [ 402.881096][ T1736] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 402.902131][T11383] veth1_vlan: entered promiscuous mode [ 402.930017][ T1736] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 402.953495][ T1736] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 402.963545][ T1736] usb 3-1: Manufacturer: syz [ 402.973993][ T1736] usb 3-1: config 0 descriptor?? [ 403.030858][T11400] veth0_macvtap: entered promiscuous mode [ 403.063181][T11383] veth0_macvtap: entered promiscuous mode [ 403.072785][T11400] veth1_macvtap: entered promiscuous mode [ 403.098537][T11383] veth1_macvtap: entered promiscuous mode [ 403.135740][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.150031][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.195647][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.238777][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.261960][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.286011][ T5148] usb 3-1: USB disconnect, device number 48 [ 403.300655][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.314968][T11400] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 403.333438][T11677] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1494'. [ 403.335367][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.355372][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.372155][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.394639][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.416889][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.427483][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.439210][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 403.449856][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.464997][T11383] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 403.495824][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.513471][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.526104][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.537915][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.549734][T11400] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.561279][T11400] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.596179][T11400] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 403.631892][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.663356][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.674330][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.685225][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.695625][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.708372][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.723313][T11383] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 403.734204][T11383] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 403.759976][T11383] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 403.780819][T11400] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.793378][T11400] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.816701][T11400] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.825546][T11400] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.870875][T11383] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.880413][T11383] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.900828][T11383] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 403.924265][T11383] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 404.255966][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.275910][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.323697][ T1057] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.344898][ T1057] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.449345][ T1057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.461958][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 404.470250][ T1736] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 404.472214][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.485243][ T1057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 404.686773][ T1736] usb 5-1: Using ep0 maxpacket: 16 [ 404.723490][ T1736] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 404.760304][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1442'. [ 404.766259][ T1736] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.800950][ T1736] usb 5-1: Product: syz [ 404.805201][ T1736] usb 5-1: Manufacturer: syz [ 404.813543][ T1736] usb 5-1: SerialNumber: syz [ 404.832075][ T1736] usb 5-1: config 0 descriptor?? [ 404.852429][ T1736] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 405.346027][T11739] netlink: 172 bytes leftover after parsing attributes in process `syz.0.1503'. [ 405.456966][ T784] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 405.668133][ T784] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 405.697759][ T784] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 405.734645][ T784] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 405.764305][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.809490][ T784] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 405.862460][ T1736] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 405.899161][ T1736] usb 5-1: USB disconnect, device number 39 [ 406.003769][T11751] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 406.029777][ T784] gspca_sn9c2028: read1 error -32 [ 406.305786][ T784] gspca_sn9c2028: read1 error -71 [ 406.324696][ T784] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71 [ 406.364081][ T784] usb 4-1: USB disconnect, device number 43 [ 407.106712][T11787] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1511'. [ 407.372282][T11805] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1516'. [ 408.315934][T11823] netlink: 4093 bytes leftover after parsing attributes in process `syz.4.1522'. [ 408.396809][ T5150] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 408.450449][ T5148] IPVS: starting estimator thread 0... [ 408.468582][T11822] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 408.559987][T11828] IPVS: using max 32 ests per chain, 76800 per kthread [ 408.597621][ T5150] usb 4-1: Using ep0 maxpacket: 16 [ 408.624244][ T5150] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 408.646916][ T5150] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.673851][ T5150] usb 4-1: Product: syz [ 408.685527][ T5150] usb 4-1: Manufacturer: syz [ 408.704929][ T5150] usb 4-1: SerialNumber: syz [ 408.747666][ T5150] usb 4-1: config 0 descriptor?? [ 408.755121][T11835] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1527'. [ 408.766954][T11837] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1528'. [ 408.768607][ T5150] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 409.101668][T11837] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 409.147707][ T784] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 409.354450][ T784] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 409.396649][ T784] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 409.416728][ T784] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 409.425852][ T784] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.482780][ T784] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 409.703325][ T784] gspca_sn9c2028: read1 error -32 [ 409.765740][ T5150] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71 [ 409.798439][ T5150] usb 4-1: USB disconnect, device number 44 [ 409.971220][ T784] gspca_sn9c2028: read1 error -71 [ 409.982911][ T784] sn9c2028 3-1:220.0: probe with driver sn9c2028 failed with error -71 [ 410.027455][ T784] usb 3-1: USB disconnect, device number 49 [ 410.265261][T11864] netlink: 4093 bytes leftover after parsing attributes in process `syz.1.1536'. [ 410.522295][ T784] IPVS: starting estimator thread 0... [ 410.544615][T11868] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 410.555527][T11874] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1540'. [ 410.666881][T11872] IPVS: using max 21 ests per chain, 50400 per kthread [ 410.859161][T11881] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 411.060740][T11892] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 411.100980][T11894] netlink: 4093 bytes leftover after parsing attributes in process `syz.3.1547'. [ 411.113023][T11895] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 411.286884][ T5179] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 411.436835][ T784] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 411.476805][ T5148] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 411.486779][ T5179] usb 5-1: Using ep0 maxpacket: 32 [ 411.499795][ T5179] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b [ 411.516709][ T5179] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.532182][ T5179] usb 5-1: config 0 descriptor?? [ 411.558608][ T5179] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 411.617236][ T784] usb 1-1: Using ep0 maxpacket: 16 [ 411.646516][ T784] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 411.664666][ T784] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.673733][ T784] usb 1-1: Product: syz [ 411.681832][ T784] usb 1-1: Manufacturer: syz [ 411.686729][ T784] usb 1-1: SerialNumber: syz [ 411.697042][ T5148] usb 3-1: Using ep0 maxpacket: 16 [ 411.706706][ T5148] usb 3-1: config 0 has an invalid interface number: 107 but max is 0 [ 411.717286][ T784] usb 1-1: config 0 descriptor?? [ 411.722359][ T5148] usb 3-1: config 0 has no interface number 0 [ 411.739939][ T784] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 411.748833][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 411.766029][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024 [ 411.797316][ T5148] usb 3-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 411.806936][ T5148] usb 3-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 411.815347][ T5148] usb 3-1: Product: syz [ 411.820398][ T5148] usb 3-1: Manufacturer: syz [ 411.825223][ T5148] usb 3-1: SerialNumber: syz [ 411.860787][ T1736] usb 5-1: USB disconnect, device number 40 [ 411.862354][ T5148] usb 3-1: config 0 descriptor?? [ 411.875592][ T1100] usb 5-1: Failed to submit usb control message: -71 [ 411.895783][ T1100] usb 5-1: unable to send the bmi data to the device: -71 [ 411.908682][ T5148] keyspan 3-1:0.107: Keyspan 4 port adapter converter detected [ 411.929187][ T1100] usb 5-1: unable to get target info from device [ 411.945772][ T1100] usb 5-1: could not get target info (-71) [ 411.948118][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 81 [ 411.980451][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 1 [ 411.985384][ T1100] usb 5-1: could not probe fw (-71) [ 412.012511][ C0] hrtimer: interrupt took 155945 ns [ 412.019758][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 412.030296][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 2 [ 412.058480][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 412.089126][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 4 [ 412.142399][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 412.188006][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 6 [ 412.209964][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 412.239832][ T5148] usb 3-1: USB disconnect, device number 50 [ 412.281724][ T5148] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 412.349238][T11913] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1553'. [ 412.374621][ T5148] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 412.401365][ T5148] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 412.436353][ T5148] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 412.459052][ T5148] keyspan 3-1:0.107: device disconnected [ 412.530647][ T5179] IPVS: starting estimator thread 0... [ 412.559417][T11915] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 412.686758][T11917] IPVS: using max 19 ests per chain, 45600 per kthread [ 412.763915][ T784] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71 [ 412.828292][ T784] usb 1-1: USB disconnect, device number 57 [ 413.277165][T11939] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 413.405679][ T1736] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 413.523599][T11946] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1564'. [ 413.608855][ T1736] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 413.627583][T11949] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1565'. [ 413.636359][ T1736] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 413.658464][ T1736] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 413.678423][ T1736] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.708351][T11946] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 413.711048][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 413.915408][ T1736] gspca_sn9c2028: read1 error -32 [ 413.920925][ T5096] Bluetooth: Unexpected start frame (len 18) [ 414.190116][ T1736] gspca_sn9c2028: read1 error -71 [ 414.212097][ T1736] sn9c2028 3-1:220.0: probe with driver sn9c2028 failed with error -71 [ 414.267371][ T1736] usb 3-1: USB disconnect, device number 51 [ 414.324756][T11959] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 414.660681][ T1736] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 414.877219][ T1736] usb 4-1: Using ep0 maxpacket: 32 [ 414.898777][ T1736] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b [ 414.936812][ T1736] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.002419][ T1736] usb 4-1: config 0 descriptor?? [ 415.067003][ T1736] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 415.295767][ T5179] usb 4-1: USB disconnect, device number 45 [ 415.302137][ T1100] usb 4-1: Failed to submit usb control message: -71 [ 415.311570][ T1100] usb 4-1: unable to send the bmi data to the device: -71 [ 415.343654][ T1100] usb 4-1: unable to get target info from device [ 415.362757][ T1100] usb 4-1: could not get target info (-71) [ 415.382462][ T1100] usb 4-1: could not probe fw (-71) [ 415.745240][ T1736] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 415.976787][ T1736] usb 5-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 416.002724][ T1736] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 416.038515][ T1736] usb 5-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 416.057340][ T1736] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.082979][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 416.240796][T12002] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 416.283212][ T1736] gspca_sn9c2028: read1 error -32 [ 416.599964][ T1736] gspca_sn9c2028: read1 error -71 [ 416.624230][ T1736] sn9c2028 5-1:220.0: probe with driver sn9c2028 failed with error -71 [ 416.661957][ T1736] usb 5-1: USB disconnect, device number 41 [ 417.079947][T12023] FAULT_INJECTION: forcing a failure. [ 417.079947][T12023] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 417.117545][T12023] CPU: 0 PID: 12023 Comm: syz.3.1588 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 417.127773][T12023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 417.137858][T12023] Call Trace: [ 417.141166][T12023] [ 417.144128][T12023] dump_stack_lvl+0x241/0x360 [ 417.148841][T12023] ? __pfx_dump_stack_lvl+0x10/0x10 [ 417.154076][T12023] ? __pfx__printk+0x10/0x10 [ 417.156728][ T5102] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 417.158676][T12023] ? __pfx_lock_release+0x10/0x10 [ 417.158710][T12023] should_fail_ex+0x3b0/0x4e0 [ 417.158739][T12023] _copy_to_iter+0x43a/0x1960 [ 417.158766][T12023] ? __virt_addr_valid+0x183/0x520 [ 417.158801][T12023] ? __pfx__copy_to_iter+0x10/0x10 [ 417.158829][T12023] ? __virt_addr_valid+0x183/0x520 [ 417.158853][T12023] ? __virt_addr_valid+0x183/0x520 [ 417.158875][T12023] ? __virt_addr_valid+0x44e/0x520 [ 417.158901][T12023] ? __check_object_size+0x49c/0x900 [ 417.158932][T12023] __skb_datagram_iter+0x110/0x8c0 [ 417.158958][T12023] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 417.158992][T12023] skb_copy_datagram_iter+0xd1/0x250 [ 417.159021][T12023] netlink_recvmsg+0x2d0/0x11d0 [ 417.159055][T12023] ? __pfx_netlink_recvmsg+0x10/0x10 [ 417.159087][T12023] ? __pfx_aa_sk_perm+0x10/0x10 [ 417.159111][T12023] ? __pfx___might_resched+0x10/0x10 [ 417.159132][T12023] ? aa_sock_msg_perm+0x91/0x160 [ 417.159158][T12023] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 417.159175][T12023] ? security_socket_recvmsg+0x90/0xb0 [ 417.159195][T12023] ? __pfx_netlink_recvmsg+0x10/0x10 [ 417.159221][T12023] sock_recvmsg+0x22f/0x280 [ 417.159248][T12023] ____sys_recvmsg+0x1db/0x470 [ 417.159277][T12023] ? __pfx_____sys_recvmsg+0x10/0x10 [ 417.159321][T12023] __sys_recvmsg+0x2f0/0x3e0 [ 417.159350][T12023] ? __pfx___sys_recvmsg+0x10/0x10 [ 417.159402][T12023] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 417.159423][T12023] ? do_syscall_64+0x100/0x230 [ 417.304750][T12023] ? do_syscall_64+0xb6/0x230 [ 417.309461][T12023] do_syscall_64+0xf3/0x230 [ 417.313993][T12023] ? clear_bhb_loop+0x35/0x90 [ 417.318780][T12023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.324707][T12023] RIP: 0033:0x7f7d2e175bd9 [ 417.329249][T12023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.348883][T12023] RSP: 002b:00007f7d2efb2048 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 417.357337][T12023] RAX: ffffffffffffffda RBX: 00007f7d2e303f60 RCX: 00007f7d2e175bd9 [ 417.365339][T12023] RDX: 0000000000000000 RSI: 00000000200030c0 RDI: 0000000000000003 [ 417.373344][T12023] RBP: 00007f7d2efb20a0 R08: 0000000000000000 R09: 0000000000000000 [ 417.381355][T12023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 417.389350][T12023] R13: 000000000000000b R14: 00007f7d2e303f60 R15: 00007f7d2e42fa68 [ 417.392935][ T5102] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 417.397337][T12023] [ 417.429680][ T5102] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 417.441192][ T5102] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.492629][ T5102] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 417.512164][T12030] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 417.517303][ T5102] usb 2-1: No valid video chain found. [ 417.583155][T12033] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 417.697973][ T5102] usb 2-1: USB disconnect, device number 39 [ 417.721312][T12029] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 417.853400][ T5096] Bluetooth: Unexpected start frame (len 18) [ 417.902419][ T5179] IPVS: starting estimator thread 0... [ 417.954773][T12042] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 418.006718][T12044] IPVS: using max 22 ests per chain, 52800 per kthread [ 418.051028][ T5150] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 418.236724][ T5150] usb 4-1: Using ep0 maxpacket: 16 [ 418.244719][ T5150] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 418.254609][ T5150] usb 4-1: config 0 has no interface number 0 [ 418.286666][ T5150] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 418.324453][ T5150] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024 [ 418.346418][ T5150] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 418.360404][ T5150] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 418.393864][ T5150] usb 4-1: Product: syz [ 418.402721][ T5150] usb 4-1: Manufacturer: syz [ 418.406842][ T5179] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 418.421455][ T5150] usb 4-1: SerialNumber: syz [ 418.448698][ T5150] usb 4-1: config 0 descriptor?? [ 418.471665][ T5150] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected [ 418.493033][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81 [ 418.522330][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1 [ 418.549097][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 418.573414][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2 [ 418.598026][ T5179] usb 3-1: Using ep0 maxpacket: 32 [ 418.610891][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 418.626461][ T5179] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b [ 418.632270][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4 [ 418.668496][ T5179] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.686209][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 418.698702][ T5179] usb 3-1: config 0 descriptor?? [ 418.720965][ T5150] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6 [ 418.761653][ T5150] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 418.801831][ T5179] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 418.806475][ T5150] usb 4-1: USB disconnect, device number 46 [ 418.865687][ T5150] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 418.940274][ T5150] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 418.988917][ T784] usb 3-1: USB disconnect, device number 52 [ 418.998580][ T1057] usb 3-1: Failed to submit usb control message: -71 [ 419.015230][ T1057] usb 3-1: unable to send the bmi data to the device: -71 [ 419.035667][ T5150] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 419.036796][ T1057] usb 3-1: unable to get target info from device [ 419.065069][ T5150] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 419.092711][ T1057] usb 3-1: could not get target info (-71) [ 419.093270][ T5150] keyspan 4-1:0.107: device disconnected [ 419.111504][ T1057] usb 3-1: could not probe fw (-71) [ 419.148352][T12066] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 419.413703][T12072] tipc: Started in network mode [ 419.439752][T12072] tipc: Node identity ac14142a, cluster identity 4711 [ 419.479399][T12072] tipc: Enabled bearer , priority 10 [ 419.769905][T12083] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 419.888321][T12082] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 420.159849][ T29] audit: type=1326 audit(1720374983.809:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.182233][ C1] vkms_vblank_simulate: vblank timer overrun [ 420.201616][T12102] macvlan0: entered promiscuous mode [ 420.213099][T12103] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1615'. [ 420.224484][T12102] macvlan0: left promiscuous mode [ 420.274191][ T29] audit: type=1326 audit(1720374983.809:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.349455][ T29] audit: type=1326 audit(1720374983.809:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.407998][ T29] audit: type=1326 audit(1720374983.809:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.451008][ T29] audit: type=1326 audit(1720374983.809:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.480203][ T5148] tipc: Node number set to 2886997034 [ 420.506048][ T29] audit: type=1326 audit(1720374983.809:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.546683][ T5150] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 420.567662][ T29] audit: type=1326 audit(1720374983.809:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.596531][ T29] audit: type=1326 audit(1720374983.809:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.632448][ T29] audit: type=1326 audit(1720374983.809:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.681634][ T29] audit: type=1326 audit(1720374983.809:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12094 comm="syz.1.1613" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f48b6175bd9 code=0x7ffc0000 [ 420.890748][ T5096] Bluetooth: Unexpected start frame (len 18) [ 420.897658][ T5150] usb 2-1: Using ep0 maxpacket: 8 [ 420.906179][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 420.917298][ T5150] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 420.932438][ T5150] usb 2-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13 [ 420.942283][ T5150] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.950806][ T5150] usb 2-1: Product: syz [ 420.957616][ T5150] usb 2-1: Manufacturer: syz [ 420.962253][ T5150] usb 2-1: SerialNumber: syz [ 420.987578][ T5150] usb 2-1: config 0 descriptor?? [ 421.105755][T12127] tipc: Enabling of bearer rejected, already enabled [ 421.277557][ T5148] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 421.340462][T12132] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 421.467867][ T5179] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 421.491582][ T5148] usb 1-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 421.506017][ T5148] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 421.530559][ T5148] usb 1-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 421.563464][ T5148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.578047][ T5148] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 421.656926][ T5179] usb 4-1: Using ep0 maxpacket: 32 [ 421.671211][ T5179] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=49.6b [ 421.689444][ T5179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.710481][ T5179] usb 4-1: config 0 descriptor?? [ 421.728085][ T5179] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 421.790014][ T5148] gspca_sn9c2028: read1 error -32 [ 422.024313][ T5148] gspca_sn9c2028: read1 error -71 [ 422.049105][ T5148] sn9c2028 1-1:220.0: probe with driver sn9c2028 failed with error -71 [ 422.094567][ T5148] usb 1-1: USB disconnect, device number 58 [ 422.138796][ T5150] usb 4-1: USB disconnect, device number 47 [ 422.138863][ T2909] usb 4-1: Failed to submit usb control message: -71 [ 422.185660][ T2909] usb 4-1: unable to send the bmi data to the device: -71 [ 422.205487][ T2909] usb 4-1: unable to get target info from device [ 422.234305][ T2909] usb 4-1: could not get target info (-71) [ 422.258806][ T2909] usb 4-1: could not probe fw (-71) [ 422.804074][T12153] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 423.140925][ T1736] usb 2-1: USB disconnect, device number 40 [ 423.269516][T12162] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1632'. [ 423.447064][T12164] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 423.464724][ C1] vkms_vblank_simulate: vblank timer overrun [ 424.254956][T12189] netlink: 558 bytes leftover after parsing attributes in process `syz.2.1644'. [ 424.276800][ T5102] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 424.416204][T12190] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1644'. [ 424.469927][ T5102] usb 2-1: Using ep0 maxpacket: 32 [ 424.485911][ T5102] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.498474][ T5179] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 424.524294][ T5102] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 424.537388][ T5102] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 424.547384][ T5102] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 424.562584][ T5102] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 424.583789][ T5102] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 424.601029][ T5102] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 424.616929][ T5102] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 424.626210][ T5102] usb 2-1: Product: syz [ 424.631956][ T5102] usb 2-1: Manufacturer: syz [ 424.637361][ T5102] usb 2-1: SerialNumber: syz [ 424.707178][ T5179] usb 4-1: Using ep0 maxpacket: 8 [ 424.721865][ T5179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 424.735056][ T5179] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 424.747700][ T5179] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.91 [ 424.758166][ T5179] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.773852][ T5179] usb 4-1: config 0 descriptor?? [ 424.869912][ T5102] cdc_ncm 2-1:1.0: bind() failure [ 424.882305][T12196] macvlan0: entered promiscuous mode [ 424.893162][T12196] macvlan0: left promiscuous mode [ 424.908199][ T5102] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 424.942803][ T5102] cdc_ncm 2-1:1.1: bind() failure [ 424.966062][ T5102] usb 2-1: USB disconnect, device number 41 [ 425.196918][ T5148] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 425.248573][ T5179] lenovo 0003:17EF:60EE.0003: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0 [ 425.350098][T12206] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 425.407110][ T5148] usb 1-1: Using ep0 maxpacket: 8 [ 425.414645][ T5148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 425.425816][ T5148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 425.445336][ T5148] usb 1-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13 [ 425.456995][ T5148] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.466685][ T5148] usb 1-1: Product: syz [ 425.470937][ T5148] usb 1-1: Manufacturer: syz [ 425.475938][T12188] netlink: 'syz.3.1645': attribute type 10 has an invalid length. [ 425.498916][ T5148] usb 1-1: SerialNumber: syz [ 425.512925][ T5148] usb 1-1: config 0 descriptor?? [ 425.679155][ T5148] usb 4-1: USB disconnect, device number 48 [ 425.779329][ T29] kauditd_printk_skb: 56 callbacks suppressed [ 425.779346][ T29] audit: type=1326 audit(1720374989.429:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 425.866374][ T29] audit: type=1326 audit(1720374989.459:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 425.931702][ T29] audit: type=1326 audit(1720374989.469:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 425.991110][ T29] audit: type=1326 audit(1720374989.469:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.053673][ T29] audit: type=1326 audit(1720374989.469:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.109614][ T29] audit: type=1326 audit(1720374989.509:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.131870][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.176479][ T29] audit: type=1326 audit(1720374989.509:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.198944][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.215654][ T29] audit: type=1326 audit(1720374989.509:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.252386][ T29] audit: type=1326 audit(1720374989.579:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.278370][ T29] audit: type=1326 audit(1720374989.579:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12193 comm="syz.0.1646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f38e7175bd9 code=0x7ffc0000 [ 426.300807][ C1] vkms_vblank_simulate: vblank timer overrun [ 426.714055][ T2909] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.829882][ T2909] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 426.896797][ T1736] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 426.962661][ T2909] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.048264][ T2909] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 427.101691][ T1736] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 427.121265][ T1736] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 427.135168][ T1736] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 427.160390][ T1736] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 427.209090][ T53] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 427.225890][ T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 427.235459][ T53] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 427.244322][ T53] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 427.252192][ T53] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 427.269575][ T53] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 427.274934][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 427.404633][ T2909] bridge_slave_1: left allmulticast mode [ 427.439151][ T2909] bridge_slave_1: left promiscuous mode [ 427.461656][ T2909] bridge0: port 2(bridge_slave_1) entered disabled state [ 427.489039][ T1736] gspca_sn9c2028: read1 error -32 [ 427.503413][ T1736] gspca_sn9c2028: read1 error -32 [ 427.510067][ T2909] bridge_slave_0: left allmulticast mode [ 427.521883][ T2909] bridge_slave_0: left promiscuous mode [ 427.545531][ T2909] bridge0: port 1(bridge_slave_0) entered disabled state [ 427.841311][ T1736] usb 1-1: USB disconnect, device number 59 [ 428.273328][T12250] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 428.854464][ T2909] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 428.879340][ T2909] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 428.895169][ T2909] bond0 (unregistering): Released all slaves [ 429.377353][ T53] Bluetooth: hci3: command tx timeout [ 429.453604][ T2909] hsr_slave_0: left promiscuous mode [ 429.475580][ T2909] hsr_slave_1: left promiscuous mode [ 429.485985][ T2909] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.494449][ T2909] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.529537][ T2909] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 429.558333][ T784] usb 2-1: USB disconnect, device number 42 [ 429.582606][ T2909] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 429.689205][ T2909] veth1_macvtap: left promiscuous mode [ 429.695056][ T2909] veth0_macvtap: left promiscuous mode [ 429.707709][ T2909] veth1_vlan: left promiscuous mode [ 429.714143][ T2909] veth0_vlan: left promiscuous mode [ 429.737817][T12291] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1667'. [ 430.018418][T12309] x_tables: ip_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 430.149967][ T784] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 430.361173][ T784] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 430.371487][ T784] usb 2-1: config 0 has no interfaces? [ 430.379073][ T784] usb 2-1: config 0 has no interfaces? [ 430.385904][ T784] usb 2-1: config 0 has no interfaces? [ 430.393375][ T784] usb 2-1: config 0 has no interfaces? [ 430.401471][ T784] usb 2-1: config 0 has no interfaces? [ 430.408685][ T784] usb 2-1: config 0 has no interfaces? [ 430.415489][ T784] usb 2-1: config 0 has no interfaces? [ 430.422865][ T784] usb 2-1: config 0 has no interfaces? [ 430.428952][ T784] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 430.439121][ T784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.450695][ T784] usb 2-1: config 0 descriptor?? [ 430.466740][ T5148] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 430.507098][T11647] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 430.620165][ T2909] team0 (unregistering): Port device team_slave_1 removed [ 430.662786][ T2909] team0 (unregistering): Port device team_slave_0 removed [ 430.678597][ T5148] usb 3-1: Using ep0 maxpacket: 16 [ 430.686287][ T5148] usb 3-1: config 0 has an invalid interface number: 107 but max is 0 [ 430.695565][ T5148] usb 3-1: config 0 has no interface number 0 [ 430.701892][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 430.713367][T11647] usb 5-1: Using ep0 maxpacket: 8 [ 430.718913][ T5148] usb 3-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid maxpacket 25189, setting to 1024 [ 430.731761][T12321] FAULT_INJECTION: forcing a failure. [ 430.731761][T12321] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 430.749500][T12321] CPU: 0 PID: 12321 Comm: syz.1.1670 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 430.759705][T12321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 430.769882][T12321] Call Trace: [ 430.773503][T12321] [ 430.776422][T12321] dump_stack_lvl+0x241/0x360 [ 430.781100][T12321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 430.786376][T12321] ? __pfx__printk+0x10/0x10 [ 430.790964][T12321] ? __pfx_lock_release+0x10/0x10 [ 430.795986][T12321] should_fail_ex+0x3b0/0x4e0 [ 430.800661][T12321] _copy_from_user+0x2f/0xe0 [ 430.805248][T12321] input_event_from_user+0x1e2/0x4a0 [ 430.810527][T12321] ? __pfx_input_event_from_user+0x10/0x10 [ 430.816322][T12321] ? input_inject_event+0xd6/0x340 [ 430.821425][T12321] evdev_write+0x4f2/0x7c0 [ 430.825847][T12321] ? __pfx_evdev_write+0x10/0x10 [ 430.830775][T12321] ? bpf_lsm_file_permission+0x9/0x10 [ 430.836136][T12321] ? security_file_permission+0x7f/0xa0 [ 430.841678][T12321] ? rw_verify_area+0x1d2/0x6b0 [ 430.846551][T12321] ? __pfx_evdev_write+0x10/0x10 [ 430.851493][T12321] vfs_write+0x2a2/0xc90 [ 430.855731][T12321] ? __pfx_vfs_write+0x10/0x10 [ 430.860489][T12321] ? __fget_files+0x29/0x470 [ 430.865073][T12321] ? __fget_files+0x3f6/0x470 [ 430.869737][T12321] ? __fget_files+0x29/0x470 [ 430.874336][T12321] ksys_write+0x1a0/0x2c0 [ 430.878690][T12321] ? __pfx_ksys_write+0x10/0x10 [ 430.883548][T12321] ? do_syscall_64+0x100/0x230 [ 430.888321][T12321] ? do_syscall_64+0xb6/0x230 [ 430.893023][T12321] do_syscall_64+0xf3/0x230 [ 430.897547][T12321] ? clear_bhb_loop+0x35/0x90 [ 430.902240][T12321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 430.908147][T12321] RIP: 0033:0x7f48b6175bd9 [ 430.912578][T12321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 430.932443][T12321] RSP: 002b:00007f48b6e60048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 430.940872][T12321] RAX: ffffffffffffffda RBX: 00007f48b6304038 RCX: 00007f48b6175bd9 [ 430.948874][T12321] RDX: 00000000000012d8 RSI: 0000000020000040 RDI: 0000000000000004 [ 430.956868][T12321] RBP: 00007f48b6e600a0 R08: 0000000000000000 R09: 0000000000000000 [ 430.964848][T12321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 430.972826][T12321] R13: 000000000000006e R14: 00007f48b6304038 R15: 00007f48b642fa68 [ 430.980818][T12321] [ 430.984075][ C0] vkms_vblank_simulate: vblank timer overrun [ 430.993854][T11647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 431.003809][T11647] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 431.017067][T11647] usb 5-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13 [ 431.026415][T11647] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.035180][ T5148] usb 3-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 431.044311][ T5148] usb 3-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 431.052753][T11647] usb 5-1: Product: syz [ 431.064667][T11647] usb 5-1: Manufacturer: syz [ 431.073222][ T5148] usb 3-1: Product: syz [ 431.078684][T11647] usb 5-1: SerialNumber: syz [ 431.083729][ T5148] usb 3-1: Manufacturer: syz [ 431.099183][T11647] usb 5-1: config 0 descriptor?? [ 431.105468][ T5148] usb 3-1: SerialNumber: syz [ 431.121050][ T5148] usb 3-1: config 0 descriptor?? [ 431.132067][ T5148] keyspan 3-1:0.107: Keyspan 4 port adapter converter detected [ 431.165406][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 81 [ 431.180836][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 1 [ 431.193638][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 431.208148][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 2 [ 431.232480][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 431.250449][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 4 [ 431.265155][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 431.283561][ T5148] keyspan 3-1:0.107: found no endpoint descriptor for endpoint 6 [ 431.294953][ T5148] usb 3-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 431.466777][ T53] Bluetooth: hci3: command tx timeout [ 431.561569][ T45] usb 3-1: USB disconnect, device number 53 [ 431.593129][ T45] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 431.630576][ T45] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 431.653679][ T45] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 431.682594][ T45] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 431.704404][ T45] keyspan 3-1:0.107: device disconnected [ 431.868903][T12315] macvlan0: entered promiscuous mode [ 431.875424][T12315] macvlan0: left promiscuous mode [ 431.937144][ T29] kauditd_printk_skb: 34 callbacks suppressed [ 431.937165][ T29] audit: type=1326 audit(1720374995.579:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12307 comm="syz.4.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b8d75bd9 code=0x7ffc0000 [ 431.965658][ C0] vkms_vblank_simulate: vblank timer overrun [ 432.012224][T12236] chnl_net:caif_netlink_parms(): no params data found [ 432.034620][ T29] audit: type=1326 audit(1720374995.579:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12307 comm="syz.4.1673" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f87b8d75bd9 code=0x7ffc0000 [ 432.270126][T12236] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.288157][T12236] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.303179][T12236] bridge_slave_0: entered allmulticast mode [ 432.317788][T12236] bridge_slave_0: entered promiscuous mode [ 432.360588][T12236] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.378921][T12236] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.396173][T12236] bridge_slave_1: entered allmulticast mode [ 432.406487][T12236] bridge_slave_1: entered promiscuous mode [ 432.460350][ T2909] IPVS: stop unused estimator thread 0... [ 432.470345][T12236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 432.490551][T12236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 432.568485][T12236] team0: Port device team_slave_0 added [ 432.589502][T12236] team0: Port device team_slave_1 added [ 432.628176][T12236] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 432.646034][T12236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.679852][ T1736] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 432.689259][T12236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 432.704601][T12236] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 432.711727][T12236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 432.748474][T12236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 432.782089][ T5148] usb 2-1: USB disconnect, device number 43 [ 432.869039][ T1736] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 432.884414][T12236] hsr_slave_0: entered promiscuous mode [ 432.890117][ T1736] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 432.901600][T12236] hsr_slave_1: entered promiscuous mode [ 432.902076][ T1736] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 432.924744][ T1736] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.935072][T12355] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1680'. [ 432.954350][ T1736] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 433.165124][ T5179] usb 5-1: USB disconnect, device number 42 [ 433.184473][ T1736] gspca_sn9c2028: read1 error -32 [ 433.206475][ T1736] gspca_sn9c2028: read1 error -32 [ 433.536985][ T53] Bluetooth: hci3: command tx timeout [ 434.056852][T12380] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 434.183159][T12236] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 434.242770][T12236] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 434.291854][T12236] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 434.338688][T12236] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 434.570753][T12236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 434.628783][T12236] 8021q: adding VLAN 0 to HW filter on device team0 [ 434.651728][ T784] bridge0: port 1(bridge_slave_0) entered blocking state [ 434.658870][ T784] bridge0: port 1(bridge_slave_0) entered forwarding state [ 434.693835][T11647] bridge0: port 2(bridge_slave_1) entered blocking state [ 434.701033][T11647] bridge0: port 2(bridge_slave_1) entered forwarding state [ 434.834602][T12236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 434.963920][T12236] veth0_vlan: entered promiscuous mode [ 435.001740][T12236] veth1_vlan: entered promiscuous mode [ 435.064642][T12236] veth0_macvtap: entered promiscuous mode [ 435.084545][T12236] veth1_macvtap: entered promiscuous mode [ 435.124711][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.156328][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.182831][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.246418][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.272595][ T45] usb 3-1: USB disconnect, device number 54 [ 435.281900][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.326127][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.350745][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 435.364072][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.394935][T12236] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 435.455228][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.472876][T12417] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1695'. [ 435.486343][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.505604][ T29] audit: type=1326 audit(1720374999.149:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12416 comm="syz.2.1695" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x0 [ 435.511362][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.559820][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.600900][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.616931][ T53] Bluetooth: hci3: command tx timeout [ 435.624106][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.636438][T12236] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 435.654746][T12236] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 435.670027][T12236] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 435.688931][T12429] warning: `syz.1.1696' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 435.728702][T12236] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.755543][T12236] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.787031][T12236] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 435.816785][T12236] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 436.060824][ T1100] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 436.081662][ T1100] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.208616][ T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 436.228517][T12443] FAULT_INJECTION: forcing a failure. [ 436.228517][T12443] name failslab, interval 1, probability 0, space 0, times 0 [ 436.230163][ T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 436.264348][T12443] CPU: 0 PID: 12443 Comm: syz.4.1700 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 436.274561][T12443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 436.284637][T12443] Call Trace: [ 436.287937][T12443] [ 436.290885][T12443] dump_stack_lvl+0x241/0x360 [ 436.295594][T12443] ? __pfx_dump_stack_lvl+0x10/0x10 [ 436.300826][T12443] ? __pfx__printk+0x10/0x10 [ 436.305454][T12443] ? __pfx___might_resched+0x10/0x10 [ 436.310772][T12443] should_fail_ex+0x3b0/0x4e0 [ 436.315481][T12443] ? create_io_worker+0xbf/0x540 [ 436.320449][T12443] should_failslab+0x9/0x20 [ 436.324980][T12443] kmalloc_trace_noprof+0x6c/0x2c0 [ 436.330122][T12443] create_io_worker+0xbf/0x540 [ 436.334918][T12443] io_wq_enqueue+0x8a0/0xb00 [ 436.339574][T12443] ? __pfx_io_wq_enqueue+0x10/0x10 [ 436.344685][T12443] ? __pfx_io_wq_work_match_item+0x10/0x10 [ 436.350489][T12443] ? io_prep_async_work+0x48f/0x7c0 [ 436.355684][T12443] io_queue_iowq+0x352/0x560 [ 436.360280][T12443] io_queue_async+0x3f9/0x4e0 [ 436.364953][T12443] io_submit_sqes+0xe67/0x1bf0 [ 436.369731][T12443] __se_sys_io_uring_enter+0x2d4/0x2670 [ 436.375270][T12443] ? vfs_write+0x7c4/0xc90 [ 436.379685][T12443] ? __pfx_vfs_write+0x10/0x10 [ 436.384447][T12443] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 436.390422][T12443] ? __fget_files+0x3f6/0x470 [ 436.395105][T12443] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 436.401080][T12443] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 436.407399][T12443] ? do_syscall_64+0x100/0x230 [ 436.412168][T12443] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 436.417710][T12443] do_syscall_64+0xf3/0x230 [ 436.422215][T12443] ? clear_bhb_loop+0x35/0x90 [ 436.426885][T12443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.432775][T12443] RIP: 0033:0x7f87b8d75bd9 [ 436.437241][T12443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.456840][T12443] RSP: 002b:00007f87b9af6048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 436.465250][T12443] RAX: ffffffffffffffda RBX: 00007f87b8f03f60 RCX: 00007f87b8d75bd9 [ 436.473217][T12443] RDX: 0000000000000000 RSI: 00000000000047ba RDI: 0000000000000005 [ 436.481179][T12443] RBP: 00007f87b9af60a0 R08: 0000000000000000 R09: 0000000000000000 [ 436.489140][T12443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.497112][T12443] R13: 000000000000000b R14: 00007f87b8f03f60 R15: 00007f87b902fa68 [ 436.505103][T12443] [ 436.547116][T11647] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 436.608620][ T53] Bluetooth: hci1: unexpected cc 0x0402 length: 65 > 1 [ 436.617147][ T53] Bluetooth: hci1: unexpected event for opcode 0x0402 [ 436.766685][T11647] usb 2-1: Using ep0 maxpacket: 32 [ 436.773490][T11647] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.832069][T11647] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.886937][T11647] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 436.941037][T11647] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 436.985349][T11647] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 437.014551][T11647] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 437.057060][T11647] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 437.091967][T11647] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.121884][T11647] usb 2-1: Product: syz [ 437.139758][T11647] usb 2-1: Manufacturer: syz [ 437.166121][T11647] usb 2-1: SerialNumber: syz [ 437.430245][T11647] cdc_ncm 2-1:1.0: bind() failure [ 437.454864][T11647] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 437.502187][T11647] cdc_ncm 2-1:1.1: bind() failure [ 437.532819][T11647] usb 2-1: USB disconnect, device number 44 [ 437.566803][ T784] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 437.749109][ T784] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 437.766464][ T784] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 437.794203][ T784] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 437.846166][ T784] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.906731][ T784] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 438.112911][ T784] gspca_sn9c2028: read1 error -32 [ 438.129389][ T784] gspca_sn9c2028: read1 error -32 [ 438.826773][T11647] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 439.048803][T11647] usb 2-1: config index 0 descriptor too short (expected 4114, got 18) [ 439.080774][T12529] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1717'. [ 439.099484][T11647] usb 2-1: New USB device found, idVendor=066b, idProduct=20f9, bcdDevice=ff.94 [ 439.119370][T11647] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.160833][ T29] audit: type=1326 audit(1720375002.809:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12528 comm="syz.4.1717" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f87b8d75bd9 code=0x0 [ 439.188372][T11647] usb 2-1: Product: syz [ 439.192578][T11647] usb 2-1: Manufacturer: syz [ 439.226596][T11647] usb 2-1: SerialNumber: syz [ 439.249408][T11647] usb 2-1: config 0 descriptor?? [ 439.485981][T12519] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.514038][T12519] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.547243][ T29] audit: type=1326 audit(1720375003.189:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12518 comm="syz.1.1715" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48b6175bd9 code=0x0 [ 439.662739][T12554] input: syz0 as /devices/virtual/input/input11 [ 439.866707][ T1736] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 440.077441][ T1736] usb 4-1: too many configurations: 65, using maximum allowed: 8 [ 440.109310][ T1736] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 440.131049][ T1736] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.184111][ T1736] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 440.216646][ T5179] usb 3-1: USB disconnect, device number 55 [ 440.243326][ T1736] usb 4-1: No valid video chain found. [ 440.339056][ T1244] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.345466][ T1244] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.466229][ T5179] usb 4-1: USB disconnect, device number 49 [ 440.634312][ T29] audit: type=1326 audit(1720375004.279:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 440.669088][ T5096] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 440.677726][ T5096] Bluetooth: hci1: Injecting HCI hardware error event [ 440.686121][ T53] Bluetooth: hci1: hardware error 0x00 [ 440.877178][ T29] audit: type=1326 audit(1720375004.279:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 440.899541][ C1] vkms_vblank_simulate: vblank timer overrun [ 440.964492][T12581] macvlan0: entered promiscuous mode [ 440.996517][ T29] audit: type=1326 audit(1720375004.279:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 441.020492][T12581] macvlan0: left promiscuous mode [ 441.044376][ T29] audit: type=1326 audit(1720375004.279:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 441.066771][ C1] vkms_vblank_simulate: vblank timer overrun [ 441.131900][ T29] audit: type=1326 audit(1720375004.309:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 441.185932][ T29] audit: type=1326 audit(1720375004.309:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 441.233038][ T29] audit: type=1326 audit(1720375004.309:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 441.257517][ T1736] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 441.268995][ T29] audit: type=1326 audit(1720375004.309:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12576 comm="syz.2.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc19e175bd9 code=0x7ffc0000 [ 441.449776][ T1736] usb 3-1: Using ep0 maxpacket: 8 [ 441.469617][ T1736] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 441.501499][ T1736] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 441.519976][ T1736] usb 3-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13 [ 441.534345][ T1736] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.586065][ T1736] usb 3-1: Product: syz [ 441.608431][ T1736] usb 3-1: Manufacturer: syz [ 441.634394][ T1736] usb 3-1: SerialNumber: syz [ 441.646060][ T1736] usb 3-1: config 0 descriptor?? [ 441.659816][T11647] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 441.727317][T11647] asix 2-1:0.0: probe with driver asix failed with error -71 [ 441.766054][T11647] usb 2-1: USB disconnect, device number 45 [ 441.767913][T12595] netlink: 1068 bytes leftover after parsing attributes in process `syz.4.1727'. [ 442.216740][T11647] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 442.420824][T11647] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 442.458492][T11647] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 442.471081][T11647] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 442.481575][T11647] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 442.530005][T11647] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 442.545159][T11647] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 442.555155][T11647] usb 2-1: Manufacturer: syz [ 442.598681][T11647] usb 2-1: config 0 descriptor?? [ 442.897000][ T53] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 443.051733][T11647] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 443.099060][T11647] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 443.137059][ T5150] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 443.149664][T11647] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 443.346796][ T5150] usb 5-1: Using ep0 maxpacket: 8 [ 443.366414][ T5150] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 443.399947][ T5150] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.433996][ T5150] usb 5-1: config 0 descriptor?? [ 443.640627][T11647] usb 3-1: USB disconnect, device number 56 [ 444.074454][ T5150] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 444.093841][ T5150] asix 5-1:0.0: probe with driver asix failed with error -32 [ 445.100621][ T5102] usb 2-1: USB disconnect, device number 46 [ 445.505817][T12665] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 445.988296][ T29] kauditd_printk_skb: 31 callbacks suppressed [ 445.988310][ T29] audit: type=1326 audit(1720375009.639:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.047426][ T29] audit: type=1326 audit(1720375009.669:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.072671][T12679] macvlan0: entered promiscuous mode [ 446.087774][T12679] macvlan0: left promiscuous mode [ 446.124716][ T29] audit: type=1326 audit(1720375009.669:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.178348][ T29] audit: type=1326 audit(1720375009.669:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.250324][ T5148] usb 5-1: USB disconnect, device number 43 [ 446.280691][ T29] audit: type=1326 audit(1720375009.669:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.387534][ T5150] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 446.407001][ T29] audit: type=1326 audit(1720375009.669:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.518711][ T29] audit: type=1326 audit(1720375009.669:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.598818][ T29] audit: type=1326 audit(1720375009.669:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.600284][ T1100] bond0: (slave bond_slave_0): interface is now down [ 446.656710][ T5150] usb 4-1: Using ep0 maxpacket: 8 [ 446.668790][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 446.683768][ T29] audit: type=1326 audit(1720375009.669:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.687720][ T5150] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid wMaxPacketSize 0 [ 446.716649][ T1100] bond0: (slave bond_slave_1): interface is now down [ 446.768610][ T5150] usb 4-1: New USB device found, idVendor=044f, idProduct=a01c, bcdDevice=bb.13 [ 446.772015][ T1100] bond0: now running without any active interface! [ 446.786645][ T5150] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.795920][ T29] audit: type=1326 audit(1720375009.669:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12671 comm="syz.3.1748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7fc907d75bd9 code=0x7ffc0000 [ 446.809277][ T5150] usb 4-1: Product: syz [ 446.836708][ T5150] usb 4-1: Manufacturer: syz [ 446.841370][ T5150] usb 4-1: SerialNumber: syz [ 446.891810][ T5150] usb 4-1: config 0 descriptor?? [ 447.315426][T12697] input: syz0 as /devices/virtual/input/input12 [ 447.363872][T12707] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1760'. [ 447.421751][T11647] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 447.621493][T11647] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 447.645383][T11647] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 447.682818][T11647] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.697589][T11647] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 447.705224][T11647] usb 5-1: No valid video chain found. [ 447.884053][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 447.901204][T11647] usb 5-1: USB disconnect, device number 44 [ 448.070243][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.163487][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.203290][T12716] FAULT_INJECTION: forcing a failure. [ 448.203290][T12716] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 448.217045][T12716] CPU: 0 PID: 12716 Comm: syz.1.1766 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 448.227316][T12716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 448.237379][T12716] Call Trace: [ 448.240651][T12716] [ 448.243570][T12716] dump_stack_lvl+0x241/0x360 [ 448.248246][T12716] ? __pfx_dump_stack_lvl+0x10/0x10 [ 448.253463][T12716] ? __pfx__printk+0x10/0x10 [ 448.258046][T12716] ? __pfx_lock_release+0x10/0x10 [ 448.263061][T12716] should_fail_ex+0x3b0/0x4e0 [ 448.267741][T12716] _copy_to_iter+0x1f6/0x1960 [ 448.272417][T12716] ? __virt_addr_valid+0x183/0x520 [ 448.277518][T12716] ? __pfx_lock_release+0x10/0x10 [ 448.282533][T12716] ? __pfx__copy_to_iter+0x10/0x10 [ 448.287635][T12716] ? __virt_addr_valid+0x183/0x520 [ 448.293868][T12716] ? __virt_addr_valid+0x183/0x520 [ 448.298973][T12716] ? __virt_addr_valid+0x44e/0x520 [ 448.304079][T12716] ? __check_object_size+0x49c/0x900 [ 448.309366][T12716] __skb_datagram_iter+0x110/0x8c0 [ 448.314470][T12716] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 448.320138][T12716] skb_copy_datagram_iter+0xd1/0x250 [ 448.325423][T12716] netlink_recvmsg+0x2d0/0x11d0 [ 448.330292][T12716] ? __pfx_netlink_recvmsg+0x10/0x10 [ 448.335577][T12716] ? __pfx_aa_sk_perm+0x10/0x10 [ 448.340439][T12716] ? __fget_files+0x29/0x470 [ 448.345017][T12716] ? aa_sock_msg_perm+0x91/0x160 [ 448.349949][T12716] ? bpf_lsm_socket_recvmsg+0x9/0x10 [ 448.355225][T12716] ? security_socket_recvmsg+0x90/0xb0 [ 448.360674][T12716] ? __pfx_netlink_recvmsg+0x10/0x10 [ 448.365999][T12716] sock_recvmsg+0x22f/0x280 [ 448.370499][T12716] __sys_recvfrom+0x256/0x3e0 [ 448.375169][T12716] ? __pfx___sys_recvfrom+0x10/0x10 [ 448.380369][T12716] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 448.386348][T12716] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 448.392760][T12716] __x64_sys_recvfrom+0xde/0x100 [ 448.397707][T12716] do_syscall_64+0xf3/0x230 [ 448.402211][T12716] ? clear_bhb_loop+0x35/0x90 [ 448.406868][T12716] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.412745][T12716] RIP: 0033:0x7f48b61778a4 [ 448.417142][T12716] Code: 89 4c 24 1c e8 ed 5a 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 5b 02 00 48 8b 04 [ 448.436816][T12716] RSP: 002b:00007f48b6e7fe80 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 448.445210][T12716] RAX: ffffffffffffffda RBX: 00007f48b6e7ffb0 RCX: 00007f48b61778a4 [ 448.453161][T12716] RDX: 0000000000001000 RSI: 00007f48b6e80000 RDI: 0000000000000005 [ 448.461117][T12716] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 448.469107][T12716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 448.477056][T12716] R13: 00007f48b6e7ff18 R14: 00007f48b6e80000 R15: 0000000000000000 [ 448.485046][T12716] [ 448.610662][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 448.891581][ T35] bridge_slave_1: left allmulticast mode [ 448.924978][ T35] bridge_slave_1: left promiscuous mode [ 448.933507][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 448.969701][ T35] bridge_slave_0: left allmulticast mode [ 448.972786][ T1736] usb 4-1: USB disconnect, device number 50 [ 448.975463][ T35] bridge_slave_0: left promiscuous mode [ 448.975663][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.043426][T12727] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1771'. [ 449.075282][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 449.096796][ T5096] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 449.106116][ T5096] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 449.115475][ T5096] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 449.124129][ T5096] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 449.131539][ T5096] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 449.446659][ T5179] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 449.512965][T12737] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer. [ 449.646896][ T5179] usb 5-1: Using ep0 maxpacket: 32 [ 449.684720][ T5179] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 449.722000][ T5179] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 449.780820][ T5179] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 449.807503][ T5179] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.817736][ T5179] usb 5-1: Product: syz [ 449.826313][ T5179] usb 5-1: Manufacturer: syz [ 449.831560][ T5179] usb 5-1: SerialNumber: syz [ 450.075638][ T5179] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 45 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 450.094607][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 450.128825][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 450.159748][ T35] bond0 (unregistering): Released all slaves [ 450.646888][ T5148] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 450.869774][ T35] hsr_slave_0: left promiscuous mode [ 450.876034][ T35] hsr_slave_1: left promiscuous mode [ 450.927209][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 450.962722][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 450.971501][ T5148] usb 3-1: too many configurations: 65, using maximum allowed: 8 [ 451.000336][ T5148] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 451.010254][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 451.027903][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 451.035068][ T5148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.092513][ T35] veth1_macvtap: left promiscuous mode [ 451.152445][ T35] veth0_macvtap: left promiscuous mode [ 451.168243][ T35] veth1_vlan: left promiscuous mode [ 451.181451][ T35] veth0_vlan: left promiscuous mode [ 451.217657][ T53] Bluetooth: hci4: command tx timeout [ 451.251236][ T5148] usb 3-1: Found UVC 0.00 device (046d:08c1) [ 451.333279][ T5148] usb 3-1: No valid video chain found. [ 451.407027][ T5148] usb 3-1: USB disconnect, device number 57 [ 451.417641][T12770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1781'. [ 451.736922][T12776] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 452.013288][ T29] kauditd_printk_skb: 29 callbacks suppressed [ 452.013306][ T29] audit: type=1326 audit(1720375015.659:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12778 comm="syz.2.1784" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc19e175bd9 code=0x0 [ 452.179511][ T1736] usb 5-1: USB disconnect, device number 45 [ 452.188304][ T1736] usblp0: removed [ 452.613109][ T35] team0 (unregistering): Port device team_slave_1 removed [ 452.683863][ T35] team0 (unregistering): Port device team_slave_0 removed [ 453.296887][ T53] Bluetooth: hci4: command tx timeout [ 453.395601][T12795] vcan0: tx drop: invalid sa for name 0x0000000000000100 [ 453.404635][T12733] chnl_net:caif_netlink_parms(): no params data found [ 453.747604][T12733] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.781926][ T35] IPVS: stop unused estimator thread 0... [ 453.806486][T12733] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.844704][T12733] bridge_slave_0: entered allmulticast mode [ 453.875457][T12733] bridge_slave_0: entered promiscuous mode [ 453.913692][T12733] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.925018][T12733] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.935637][T12733] bridge_slave_1: entered allmulticast mode [ 453.943578][T12733] bridge_slave_1: entered promiscuous mode [ 453.962923][T12779] ------------[ cut here ]------------ [ 453.963314][ T35] ------------[ cut here ]------------ [ 453.968766][T12779] refcount_t: decrement hit 0; leaking memory. [ 453.974244][ T35] WARNING: CPU: 0 PID: 35 at net/ipv4/tcp_ipv4.c:3521 tcp_sk_exit_batch+0xc1/0x130 [ 453.980709][T12779] WARNING: CPU: 1 PID: 12779 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0 [ 453.990105][ T35] Modules linked in: [ 453.999402][T12779] Modules linked in: [ 453.999421][T12779] CPU: 1 PID: 12779 Comm: syz.1.1783 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 454.003280][ T35] [ 454.003291][ T35] CPU: 0 PID: 35 Comm: kworker/u8:2 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 454.007185][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 454.017426][ T35] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 454.019633][T12779] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 454.029846][ T35] Workqueue: netns cleanup_net [ 454.039785][T12779] Code: b2 00 00 00 e8 d7 54 e7 fc 5b 5d c3 cc cc cc cc e8 cb 54 e7 fc c6 05 fe f1 e8 0a 01 90 48 c7 c7 20 98 1f 8c e8 97 82 a9 fc 90 <0f> 0b 90 90 eb d9 e8 ab 54 e7 fc c6 05 db f1 e8 0a 01 90 48 c7 c7 [ 454.049861][ T35] [ 454.056058][T12779] RSP: 0018:ffffc90009e57940 EFLAGS: 00010246 [ 454.060821][ T35] RIP: 0010:tcp_sk_exit_batch+0xc1/0x130 [ 454.080437][T12779] [ 454.080447][T12779] RAX: 89caa86a261e0f00 RBX: ffff88805afd5c40 RCX: 0000000000040000 [ 454.080464][T12779] RDX: ffffc9000fe51000 RSI: 000000000003ffff RDI: 0000000000040000 [ 454.080477][T12779] RBP: 0000000000000004 R08: ffffffff81585822 R09: 1ffffffff25f4eb1 [ 454.082782][ T35] Code: 01 00 00 00 89 ee e8 2e af a2 f7 83 fd 01 75 07 e8 e4 aa a2 f7 eb 16 31 ff 89 ee e8 19 af a2 f7 85 ed 7e 39 e8 d0 aa a2 f7 90 <0f> 0b 90 4c 89 ff e8 04 62 01 00 48 89 d8 48 c1 e8 03 42 80 3c 28 [ 454.088848][T12779] R10: dffffc0000000000 R11: fffffbfff25f4eb2 R12: ffffc90001e83950 [ 454.088867][T12779] R13: dffffc0000000000 R14: 1ffff1100245c864 R15: ffff8880122e42c0 [ 454.094464][ T35] RSP: 0018:ffffc90000ab7a88 EFLAGS: 00010293 [ 454.096805][T12779] FS: 00007f48b6e816c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 454.096828][T12779] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 454.104771][ T35] [ 454.104781][ T35] RAX: ffffffff89f37ce0 RBX: ffff88805afd56e8 RCX: ffff88801becda00 [ 454.112753][T12779] CR2: 00007f87b8efa098 CR3: 000000002cce0000 CR4: 00000000003506f0 [ 454.120719][ T35] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 454.120737][ T35] RBP: 0000000000000002 R08: ffffffff89f37cd7 R09: 1ffff1100b5fab88 [ 454.140342][T12779] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 454.140359][T12779] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 454.140373][T12779] Call Trace: [ 454.140384][T12779] [ 454.140394][T12779] ? __warn+0x163/0x4e0 [ 454.140421][T12779] ? refcount_warn_saturate+0xfa/0x1d0 [ 454.140447][T12779] ? report_bug+0x2b3/0x500 [ 454.140468][T12779] ? refcount_warn_saturate+0xfa/0x1d0 [ 454.140496][T12779] ? handle_bug+0x3e/0x70 [ 454.140523][T12779] ? exc_invalid_op+0x1a/0x50 [ 454.148499][ T35] R10: dffffc0000000000 R11: ffffed100b5fab89 R12: ffff88805afd5c40 [ 454.148519][ T35] R13: dffffc0000000000 R14: ffffc90000ab7b20 R15: ffff88805afd5640 [ 454.156463][T12779] ? asm_exc_invalid_op+0x1a/0x20 [ 454.162563][ T35] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 454.171467][T12779] ? __warn_printk+0x292/0x360 [ 454.178159][ T35] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 454.180356][T12779] ? refcount_warn_saturate+0xfa/0x1d0 [ 454.188325][ T35] CR2: 00007f87b8f04030 CR3: 000000007b97e000 CR4: 00000000003506f0 [ 454.196279][T12779] inet_twsk_kill+0x74b/0x890 [ 454.204256][ T35] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 454.204274][ T35] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 454.204289][ T35] Call Trace: [ 454.204300][ T35] [ 454.212280][T12779] inet_twsk_deschedule_put+0x3f/0x1e0 [ 454.212312][T12779] ? inet_twsk_purge+0x133/0x980 [ 454.212341][T12779] inet_twsk_purge+0x7fa/0x980 [ 454.220341][ T35] ? __warn+0x163/0x4e0 [ 454.228288][T12779] ? inet_twsk_purge+0x133/0x980 [ 454.228324][T12779] ? __pfx_inet_twsk_purge+0x10/0x10 [ 454.228356][T12779] ? __pfx___might_resched+0x10/0x10 [ 454.228377][T12779] ? do_raw_spin_unlock+0x13c/0x8b0 [ 454.228409][T12779] tcp_twsk_purge+0xcb/0x140 [ 454.228430][T12779] ? __pfx_tcp_sk_exit_batch+0x10/0x10 [ 454.231710][ T35] ? tcp_sk_exit_batch+0xc1/0x130 [ 454.234637][T12779] tcp_sk_exit_batch+0x28/0x130 [ 454.238804][ T35] ? report_bug+0x2b3/0x500 [ 454.244246][T12779] ? __pfx_tcp_sk_exit_batch+0x10/0x10 [ 454.248748][ T35] ? tcp_sk_exit_batch+0xc1/0x130 [ 454.254191][T12779] setup_net+0xa3b/0xca0 [ 454.258768][ T35] ? handle_bug+0x3e/0x70 [ 454.263176][T12779] ? __pfx_down_read_killable+0x10/0x10 [ 454.271174][ T35] ? exc_invalid_op+0x1a/0x50 [ 454.279146][T12779] ? __pfx_setup_net+0x10/0x10 [ 454.284136][ T35] ? asm_exc_invalid_op+0x1a/0x20 [ 454.293084][T12779] copy_net_ns+0x4e2/0x7b0 [ 454.297836][ T35] ? tcp_sk_exit_batch+0xb7/0x130 [ 454.304410][T12779] create_new_namespaces+0x425/0x7b0 [ 454.309946][ T35] ? tcp_sk_exit_batch+0xc0/0x130 [ 454.317939][T12779] ? bpf_lsm_capable+0x9/0x10 [ 454.317976][T12779] unshare_nsproxy_namespaces+0x124/0x180 [ 454.322628][ T35] ? tcp_sk_exit_batch+0xc1/0x130 [ 454.330615][T12779] ksys_unshare+0x619/0xc10 [ 454.330651][T12779] ? __pfx_ksys_unshare+0x10/0x10 [ 454.330672][T12779] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 454.330706][T12779] ? do_syscall_64+0x100/0x230 [ 454.330742][T12779] __x64_sys_unshare+0x38/0x40 [ 454.330767][T12779] do_syscall_64+0xf3/0x230 [ 454.338789][ T35] ? tcp_sk_exit_batch+0xc0/0x130 [ 454.342035][T12779] ? clear_bhb_loop+0x35/0x90 [ 454.344946][ T35] ? __pfx_tcp_sk_exit_batch+0x10/0x10 [ 454.350417][T12779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.350447][T12779] RIP: 0033:0x7f48b6175bd9 [ 454.355358][ T35] cleanup_net+0x89d/0xcc0 [ 454.360133][T12779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.364262][ T35] ? __pfx_cleanup_net+0x10/0x10 [ 454.369202][T12779] RSP: 002b:00007f48b6e81048 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 454.374510][ T35] ? process_scheduled_works+0x945/0x1830 [ 454.379787][T12779] RAX: ffffffffffffffda RBX: 00007f48b6303f60 RCX: 00007f48b6175bd9 [ 454.379806][T12779] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000 [ 454.379820][T12779] RBP: 00007f48b61e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 454.384990][ T35] process_scheduled_works+0xa2c/0x1830 [ 454.389580][T12779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.389596][T12779] R13: 000000000000000b R14: 00007f48b6303f60 R15: 00007f48b642fa68 [ 454.395054][ T35] ? __pfx_process_scheduled_works+0x10/0x10 [ 454.400068][T12779] [ 454.404919][ T35] ? assign_work+0x364/0x3d0 [ 454.409423][T12779] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 454.409437][T12779] CPU: 1 PID: 12779 Comm: syz.1.1783 Not tainted 6.10.0-rc6-syzkaller-00223-gc6653f49e4fd #0 [ 454.409456][T12779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 454.409469][T12779] Call Trace: [ 454.409480][T12779] [ 454.409488][T12779] dump_stack_lvl+0x241/0x360 [ 454.409518][T12779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 454.409542][T12779] ? __pfx__printk+0x10/0x10 [ 454.409573][T12779] ? vscnprintf+0x5d/0x90 [ 454.409594][T12779] panic+0x349/0x860 [ 454.409618][T12779] ? __warn+0x172/0x4e0 [ 454.409641][T12779] ? __pfx_panic+0x10/0x10 [ 454.409686][T12779] __warn+0x346/0x4e0 [ 454.409709][T12779] ? refcount_warn_saturate+0xfa/0x1d0 [ 454.409733][T12779] report_bug+0x2b3/0x500 [ 454.409754][T12779] ? refcount_warn_saturate+0xfa/0x1d0 [ 454.409778][T12779] handle_bug+0x3e/0x70 [ 454.409802][T12779] exc_invalid_op+0x1a/0x50 [ 454.409827][T12779] asm_exc_invalid_op+0x1a/0x20 [ 454.409853][T12779] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 454.409874][T12779] Code: b2 00 00 00 e8 d7 54 e7 fc 5b 5d c3 cc cc cc cc e8 cb 54 e7 fc c6 05 fe f1 e8 0a 01 90 48 c7 c7 20 98 1f 8c e8 97 82 a9 fc 90 <0f> 0b 90 90 eb d9 e8 ab 54 e7 fc c6 05 db f1 e8 0a 01 90 48 c7 c7 [ 454.409889][T12779] RSP: 0018:ffffc90009e57940 EFLAGS: 00010246 [ 454.409907][T12779] RAX: 89caa86a261e0f00 RBX: ffff88805afd5c40 RCX: 0000000000040000 [ 454.409922][T12779] RDX: ffffc9000fe51000 RSI: 000000000003ffff RDI: 0000000000040000 [ 454.409936][T12779] RBP: 0000000000000004 R08: ffffffff81585822 R09: 1ffffffff25f4eb1 [ 454.409950][T12779] R10: dffffc0000000000 R11: fffffbfff25f4eb2 R12: ffffc90001e83950 [ 454.409964][T12779] R13: dffffc0000000000 R14: 1ffff1100245c864 R15: ffff8880122e42c0 [ 454.409988][T12779] ? __warn_printk+0x292/0x360 [ 454.410020][T12779] inet_twsk_kill+0x74b/0x890 [ 454.410054][T12779] inet_twsk_deschedule_put+0x3f/0x1e0 [ 454.410078][T12779] ? inet_twsk_purge+0x133/0x980 [ 454.410106][T12779] inet_twsk_purge+0x7fa/0x980 [ 454.410130][T12779] ? inet_twsk_purge+0x133/0x980 [ 454.410162][T12779] ? __pfx_inet_twsk_purge+0x10/0x10 [ 454.410190][T12779] ? __pfx___might_resched+0x10/0x10 [ 454.410212][T12779] ? do_raw_spin_unlock+0x13c/0x8b0 [ 454.410241][T12779] tcp_twsk_purge+0xcb/0x140 [ 454.410259][T12779] ? __pfx_tcp_sk_exit_batch+0x10/0x10 [ 454.410287][T12779] tcp_sk_exit_batch+0x28/0x130 [ 454.410311][T12779] ? __pfx_tcp_sk_exit_batch+0x10/0x10 [ 454.410339][T12779] setup_net+0xa3b/0xca0 [ 454.410357][T12779] ? __pfx_down_read_killable+0x10/0x10 [ 454.410384][T12779] ? __pfx_setup_net+0x10/0x10 [ 454.410420][T12779] copy_net_ns+0x4e2/0x7b0 [ 454.410451][T12779] create_new_namespaces+0x425/0x7b0 [ 454.410481][T12779] ? bpf_lsm_capable+0x9/0x10 [ 454.410512][T12779] unshare_nsproxy_namespaces+0x124/0x180 [ 454.410534][T12779] ksys_unshare+0x619/0xc10 [ 454.410565][T12779] ? __pfx_ksys_unshare+0x10/0x10 [ 454.410585][T12779] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 454.410611][T12779] ? do_syscall_64+0x100/0x230 [ 454.410641][T12779] __x64_sys_unshare+0x38/0x40 [ 454.410663][T12779] do_syscall_64+0xf3/0x230 [ 454.410691][T12779] ? clear_bhb_loop+0x35/0x90 [ 454.410711][T12779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.410735][T12779] RIP: 0033:0x7f48b6175bd9 [ 454.410752][T12779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.410768][T12779] RSP: 002b:00007f48b6e81048 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 454.410787][T12779] RAX: ffffffffffffffda RBX: 00007f48b6303f60 RCX: 00007f48b6175bd9 [ 454.410802][T12779] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006a040000 [ 454.410815][T12779] RBP: 00007f48b61e4aa1 R08: 0000000000000000 R09: 0000000000000000 [ 454.410828][T12779] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.410840][T12779] R13: 000000000000000b R14: 00007f48b6303f60 R15: 00007f48b642fa68 [ 454.410867][T12779] [ 454.415052][T12779] Kernel Offset: disabled