last executing test programs: 8.852286266s ago: executing program 4 (id=1907): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x0, 0x1, 0x0, 0xf}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}) r6 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) write$binfmt_elf64(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049e9) 8.739510704s ago: executing program 3 (id=1909): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x0, 0x0) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000740)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8}]}}}, @IFLA_MASTER={0x8, 0x4}]}, 0x44}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x4001, 0x3, 0x2b0, 0x138, 0x0, 0x148, 0x0, 0x148, 0x218, 0x240, 0x240, 0x218, 0x240, 0x7fffffe, 0x0, {[{{@ip={@loopback, @local, 0x0, 0x0, 'ip6gretap0\x00', 'netdevsim0\x00'}, 0x0, 0xf0, 0x138, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@connlabel={{0x28}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1, 'ip6erspan0\x00'}}}, {{@ip={@local, @loopback, 0x0, 0x0, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xc0, 0xe0, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x310) r4 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001980)=ANY=[@ANYBLOB="14000000100001000000000090d60ab529f98c7576521ad10000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000028100000000000000797a30000000000900030073797a32000000001400000011000100"/125], 0x7c}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000a80)={&(0x7f0000001c00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a80000000020a05000000000000000000030000055300060059e71b2c8afa07a3e3992d652e9bc41e1be11daf180e1943aa7522fb8174d7a6cd36d59681de9691d24d5194d99a58a6fcb0a6584c7564f6d17697cd351e78479952c15658c555e80732a3e833dd63000900010073797a30000000000900010073797a300000000044000000180a01020000000000000000020000060c00054000050000000000000000020073797a31000000000800074000000000080007400000000108000740000000002c000000140a00000000000000000000010000030900020073797a32000000000900010073797a3000000000fc000000160a050000000000000000000a000007bc00038008000240000000044000038014000100697036746e6c30000000000000000000140001006261746164765f736c6176865f3000001400010073797a5f74756e000000000000000000680003801400010076657468310000000000000000000000140001007866726d3000000000000000000000001400010073797a6b616c6c65723e00000000000014000100766c616e310000000000000000315f746f5f6261746164760008000140000000000c00054000000000000000030c000540000000000000000408000740000000010900020073797a3100000000b8010000060a0102000000000000000003000003ac000480100001800b000100736f636b65740000300001800700010072740000240002800800014000000013080001400000001308000140000000120800024000000003680001800a0001006d61746368000000580002803a000300f9555fec8c24dd613100cfbb6544debe63320c168f3186898fbd65569a9ccf84dc60beda587b7d430f8e547427121c6ae122f26e39f200000800024000000004080002400000086e0800010029242a001c00058008000140000000f9080001400000002f080001400000006208000a400000000334000580080002400000000008000140000000110800014000000004080002400000000208000a4000000002080002400000000208000940000000018b00074015a55cd553ae33ffb16fc4c2ced2884df571a5853a3941ad3178a5eb88f9f3745d9d5ea290070dc041863b7919b431a4269cd4561709cb840cad340e56ddbe707df4c9bcde7dac9022950a056c76b4f2562780ba2ce6f1061a3ff4f36d16a027cccaf1b781b014bb9008442727cddedda744499c81e807c604754e0c2c2ba2253bc1f56ff3e366000900020073797a3000000000140000001100010000000000000000000000000a00000000000000000000004e73356686281f1c14551bed8e5ffe37f22e7d9aecd699ac0fb3bde2c2873a7d942417d771a856231b0ac719b3a7ce8bf8454957a0aed2cefe351e36373c3a289db86322f9899d9084fa1a3017aa630f056fdefefc15204c187ed90d3b1d8fbb8e4d8faeecb430fafd6834c8bff59ca8bddd36562b6780b3b9c024f9dd0efc59419b3a20002c102874b494c420556980194ec3f091ee"], 0x3cc}, 0x1, 0x0, 0x0, 0x40000}, 0x4c801) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_CT_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001940)={0x0, 0x0, &(0x7f0000001900)={&(0x7f0000001400)={{0x14}, [@NFT_MSG_DELTABLE={0x1c, 0x2, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x5}, [@NFTA_TABLE_FLAGS={0x8}]}, @NFT_MSG_NEWSETELEM={0x2ec, 0xc, 0xa, 0x201, 0x0, 0x0, {0x5, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x2c0, 0x3, 0x0, 0x1, [{0x1b0, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPRESSIONS={0xb0, 0xb, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x28}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x10}]}}}, {0x2c, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_CSUM_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xab}, @NFTA_PAYLOAD_CSUM_OFFSET={0x8}]}}}, {0x18, 0x1, 0x0, 0x1, @flow_offload={{0x11}, @void}}, {0x10, 0x1, 0x0, 0x1, @numgen={{0xb}, @void}}, {0x1c, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x17}]}}}]}, @NFTA_SET_ELEM_KEY_END={0xb8, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x76, 0x1, "a9ced1af17270da7d568877308c31902d14c986165f0e2af436d04b2218e8b31cb75f886b40719e7b4746f2321e62412e55d5ddb7b0d60fdc6c93ea99b48f566a31c9014605cd6a295f1f87a6fdb400c3b3c6b1491e056bc6924154d39dc91d0aafa3aa5aa6158dba051e214f7307b155f4b"}, @NFTA_DATA_VALUE={0x38, 0x1, "00f50fe86a2022a1b528ebdcfee21c0a0042290df837110aaee8cdbe65e5b7bb0920e654d82212c14f457aa998789084c4c0ab7d"}, @NFTA_DATA_VALUE={0x4}]}, @NFTA_SET_ELEM_KEY_END={0x44, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x40, 0x1, "ad9ce8328fa8052f8bc55ff7f36b8fcda6c03b215e22e7d92bdda4b59418e1f6913a542f651935b490137dcce2ee71183546c517ff1f0c2615c0b7ec"}]}]}, {0x10c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY_END={0xac, 0xa, 0x0, 0x1, [@NFTA_DATA_VALUE={0x66, 0x1, "e6d8f898a3afa3180c88f026da3452d959b8d8a0d9c108bf9605f43f5cbb68c7ed35b0ce50957c97862721d05442d683c1727369d9b6e66a73dfc01bd6a87bc4465b139ff296664b8450f49439149dcde854007653f417334e13d9a2358f4c4ed646"}, @NFTA_DATA_VALUE={0x3f, 0x1, "5f3d4d2ce03ddaf50db8196d2ab8304201a7a5d8e1f79918122424c389ac9d3fb418d81707e8eedf6fa56d3077896d3db2b19ea5a7da9ac15e2861"}]}, @NFTA_SET_ELEM_EXPRESSIONS={0x5c, 0xb, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0x401}, @NFTA_LOG_PREFIX={0x8, 0x2, 0x1, 0x0, 'TEE\x00'}, @NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0x7}, @NFTA_LOG_FLAGS={0x8, 0x6, 0x1, 0x0, 0x10}]}}}, {0x10, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x4}}}, {0xc, 0x1, 0x0, 0x1, @rt={{0x7}, @void}}, {0xc, 0x1, 0x0, 0x1, @cmp={{0x8}, @void}}]}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWTABLE={0x34, 0x0, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x3}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_USERDATA={0x4}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWFLOWTABLE={0x74, 0x16, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_HOOK={0xc, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfff}]}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x3d8}, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f00000000c0)={0x0, 'macsec0\x00'}) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000a00)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000009c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="7c00000000010300000000000000000100ac1e01010800020000000010060003401f0100000c00028005000100840000da1b96f06eae0b0bd404d10ae50006f093c389ff15145390797ddc0100000c00028005000100110000000c000280050001002f0000000610124000020000140005800e0001"], 0x7c}, 0x1, 0x0, 0x0, 0x4048844}, 0x4002) socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_inet_SIOCDELRT(r1, 0x890c, &(0x7f0000000000)={0x0, {0x2, 0x4e21, @loopback}, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, {0x2, 0x4e21, @remote}, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x6, 0x0, 0x8}) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_SECURITY(r7, 0x112, 0x4, 0x0, 0x1000000000000) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000100)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140), &(0x7f00000001c0)=[0x0, 0x0], 0x0, 0x8, 0x0, 0x0, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000001240), r3) sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000001380)={&(0x7f0000000b00)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001340)={&(0x7f0000001280)={0x84, r8, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x84}, 0x1, 0x0, 0x0, 0xc0}, 0x1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) 7.383632395s ago: executing program 2 (id=1913): sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) mkdir(0x0, 0x0) chdir(0x0) open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file2\x00', 0x10001, 0x85) socket$caif_stream(0x25, 0x1, 0x1) r2 = socket$inet6(0xa, 0x3, 0x0) setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1) r3 = open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0) r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)=@mmap={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d3f61e4a"}, 0x0, 0x1, {}, 0x4}) ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3) r5 = socket$nl_route(0x10, 0x3, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x8101, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d}, 0x14}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\b\x00\x00\x00\x00\x00 \x00'}}}}}, 0x0) 7.349779364s ago: executing program 3 (id=1914): syz_emit_vhci(0x0, 0xd) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sched_setparam(0x0, &(0x7f0000000400)) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x6d, &(0x7f0000000080)={r2}, &(0x7f00000000c0)=0x18) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000576000/0xd000)=nil, 0xd000}}) write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0xc8) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4c005}, 0x800) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x0, 0x4, 0x3}}, 0x2e) accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800) mount_setattr(0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_aout(r8, &(0x7f0000000100)=ANY=[], 0x1a3) r9 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x120, 0x0, {}, [@common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}, @common=@mh={{0x28}, {',\n'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0, @remote, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "17449c9c2a05e759713135ea9408fe6ca9b4b6152370a8dc206c4db34042a37edc63bd17a99fdd947c344b24556921c070477e13b6acb2af09498a96130edac4"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x518) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) 5.249608584s ago: executing program 4 (id=1916): syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03000096ebc2c66584601f003d5eceea86c5b4e4c22e7d73f8c4023570f400684f05afa738be36eec766c4520117c4509c8aa8113e9030f33d953fabfa1f8be7a4dcf4eacafd3b2610329733906bb2051dfe326329d8fa7e4921add887812104e226bf9cf3fab7af4a47805227c0b05145b51fadabcd55be1fd272b82f6dd32f35208d7aac762d4e6de900"/154], 0x9a) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x1000, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x4}, 0x48) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000000000000bfa30000000000001403000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000007c000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a7c31de7910d1ed4065a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dacfeb47479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3de8726c2a61ec45c19f97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9bdce38c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4af05c28308241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5490f6589880ed6eea7b9c670012be05e7de0940313c5870786554df2623d58f5ace92d028f2c71a6ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77962a2cd8a104e16b77d5f7f13b1640d43e11801140caf1a8b1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b905fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf34117a82a96b2ced73abb8e4bb718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000001762e5f5a3a0bc33fdbe28a5ffc83f2f08544eb2794e7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f85d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d801002653c4d9818708e27c89b552d3fcd11ebce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff2a8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782ae57773e0d8b0ab900edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0bd91e328b6a6f732a91f0e2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c2d0836395fe39f0e11c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300000000000021000000b12f0ec0412268860027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b50f3ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861ddb54684cb73e7aeefae47fa09fd88e6043bd52ae84c1bb0c8a6b769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e81163bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4c4b51b1f922a44ec675203bf8d1548e49262727c3de6daab3b4ed15aa99802e45d0620617e839b5237ddfcf103c91e61d174e3be6c9fd47398797e3b814e751ff31ecb42de6dd9d6b88121aaa680c236a303914e00150e1ec3f144ebc28287d5b51cfb8cabb844d12b140767d0fc24425590024b2e431722392489e3d43b3e31438a0138988083c47c61384d54e9a40fba01cac6e59ec82edc764840fe551c1d57442970cd8e59b9f41094e158c0a1ee855d8515599685486c2a21fa1c107531a0db8306441e8408b34aa90e9736e672d74cb8e78f8bdb93a23d024fc200796836ab396911a56231e953efad6cd83db32ffc595d970108e9547ea0000002730d5d1b70fe8b458ac1651135037b6cb9c8053299f77ab84c5b9fd2f764c3caa9c69377c397d310ddc7bc4bfa165def7b49e28ef196ae263b6829a8419d8860f56c86c288964ac4bc19839d96ff24b981c3a4fd6f93a000000ea9d6b06dafae4c91177"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x50) syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x4e, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, [0x4]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, [0xb, 0x3, 0x40]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x6]}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d}}}}}}}}}, 0x0) 5.030214608s ago: executing program 2 (id=1917): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) clock_gettime(0x2, &(0x7f0000000040)={0x0, 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYRESOCT=r2, @ANYRES16=r3, @ANYRESHEX=r0, @ANYRES32=r4, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300)) ioctl$SIOCSIFHWADDR(r5, 0x8b37, &(0x7f0000000600)={'wlan1\x00', @remote}) sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000900)=ANY=[@ANYBLOB="50000000080211000001080211000000ffffffffffff000006000000000000000700010071f949364f2115f8e26f0006020202020202010802848b960c1218242d1a0c000d0600000000000000040088001900000001000400000080"], 0x52) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000380)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000440)={0x0, 0xa6, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107fc000000000000000a00060008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000e2bbd7000fedbdf2310000700000000020000ffff08003c000100000083366e9f46236b8d4aaf19c917c58ba63f7ccb5d020b54af7d8ce769bcb2a2c3b350437b10722439df10164f1de2a105bbd9b55103618011feeb1abc9ff13d8dee72accde5b51abe087165e0141695fd6fcded680b7e4ef27b44c3b4a1d71089f76ca09c48eba2c15463a3288951b42cc8740dd205333ae97a059240dfd3564a"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40054) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="160b00000000000000ce4bb60919ff8ef40d4d1fa480ba0000000000e6a78e81dc301a17e4cbe7e0b3d80099d4c3db7d1190d920ee0d1037d68a3bdff58b9644ab7a4f849870d8d57bf479abfb3793a0423431e5144addd0694d060000000000000081043a718d03fd0c096663961ca9a50982c86bb615a0306190077f5a22230ed4373df1046ebd12b344a4adb5928f88b8a9c7420a66ec5818c4e5a03eee7e61566dda6148a3bfe243a34a608d44f15ca9d7fb12d18c1c02cdf4e2bd07df04000000b0d2cf", @ANYRES16=r11, @ANYBLOB="010000000000000000004a00000008000300feffffff0e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x3c}}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00') setns(r12, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000000)='maps\x00') ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) 4.913332073s ago: executing program 0 (id=1918): add_key$user(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x0}, &(0x7f00000005c0)='\x00', 0x1, 0xfffffffffffffffe) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SOUND_MIXER_READ_RECSRC(r1, 0x80044dfd, &(0x7f0000000040)) 4.821808693s ago: executing program 3 (id=1920): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x10, 0x0, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) 4.581077371s ago: executing program 0 (id=1921): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x2000, 0x0, 0x21f}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000100)}}], 0x1, 0x0) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYBLOB="0000010040c3f2be96f36c88a50bc51cc1e42968f148337dedb747e6c68f6541a3387929b2"], 0x9) creat(0x0, 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000980)={0x23b, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xab\x00\x10\x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf6\x99\xfa\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xf6\xc6\x9ai\xd0\x17\xce\xc4Y\x06\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1a'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23b) writev(0xffffffffffffffff, &(0x7f0000003480)=[{&(0x7f00000034c0)="50bdc2efb8d0fecba7b9f07a11d112390f893112a87c4a10d97d6bd1cab082d5766613a937e7a6767af05b68c4338a3c306fec8bb9b83d8f28a04683cbd386d1d8e427b02d3ff427a0569c1682e4dcc4aa4757a01f0ec405b764df476ddc99387f04b96c82a87b3945b849965bf6320d38c85cbe36014658c0df25ec9415a444d6be387de48cac69f15b6b1d45c0f8e62b54f0ca13368cae0645969feb781db89a70463e42d3197672063faab45c46b5c3e621282991cdde50f9af1a12760812b23b29dd4fffe2a0cb4474e9fafdaf2083280a3be1f0a57329a984d2ef5e62186ac555a55e8a273c0834f2da14f0b8b6242a12cc1af203bc142cef6c0048d3e56fcb85e0deef0fa9f3c18f9a7c04caae4d57d3d4b139660a533aa9e25045e93e1be2261e166c6b7ac7855446fb863c0e6ef7c8137202ee7c52450c78c89d8a7aa278b5511e9b769209ac0747084b9c553150d8a6f060153252b4c5fe69a0ab271f85b7400358206e9d220b0065b3f94657afb4bf982e641cbe07c8f3e92b17e7e2c49174fd3bd89719d465f6de1708e1e25ad6185203cd51b939d485865504efc571ecc5915767c3b0dbd097e80c38532d7a322e48fab7a6811816d6247a644864248d635bd61b46ab09bfcebf86e06c08fb112d072365afa6bf1292f540586e16bc640f031c740a04bf61df1aa00b99ff99a49c73d5dffd1523c6d5c2d028ce3577110f15447cd87914a5534f45d9e69a8e51bfdf343f70c7c4a5ccbc62b4ad632d48f93a38361907ed686b76cda7ed98df7f04d881712280db912133fbbcef41e918e6cda8a1b25da503721e13bad3dee199f9357260c4aa7ebe23ec5c13ed13f33f9176ef2cbdec432fd6d07cdabbb051985fbd4d69f9eb09f3d6b1e78870ac6a59eba73fa5df0d1a708d2673684856cf504a2d3bcb0038605831c965e8e0c6090a0457462a6ea7564f57696219af371c120cd4565d1e278f233d738245b758e6e6b4d7c434fc5ecaaf72cc57889d10c1e2c465a12fdb25d0f653e464cab62a4179f5bab38c560a12dd5852ed2684c30787774690cb7b4f9b5f4c573759a60946d7e6708d4c520354cd7b310986ecb5569f3ba1e322ccd2282fb8ca57588b21c46ca0bfc1d50bb43cada0ca6c8337d66e6829eadfab60c38bbf58cad9e611b3ed84dd8f00be795673b5a611ebb1e11a54b533d9d064b5df4d1203bbf1f82a9f63c178e9441b538539193b28b70a6045e6c8f1cbddf97ff79525801bb9bbf59ed76fafcc29c8317f3f50ef5cedf5f767747ecbee95bbf7251a92382ab1ee0ac10c206ee6a4cdd4ac3fa8607c66ba19309fb0fb646c787d226d55b9f8158a3835ee5d1565f5c4fb41339088f06cc89c670da67fe33ce1f20327bd989de43e6a62a135e0ff3d3949b08bc6d46aec46ad100059cbf987054690de9764ad56dcecf5afcd19cfad537b571f324858908b86213b7420e12733cd6a192bf1f69651ea1043b9fb12bc29ced691f7ee3eaac4618732f173c424707bcac7cea3e023da9af43a7e6c465feab01f246adaf8d573e5aa578af8b36ffdd39c1d48787739bae6582b63cb7755a9ddca85a0614994d793b8f023a0ad28b5e2172a06d59ddd646e8e8de0022902f6016d60019c4ec2a753d41ddc47303d4b490c116083eb19dc36e0805b4b748f47189d288db04be485cceb5a0656e0466877526b6395bc9053cd0d703127eb912964c052442535d2d03b89cd4e1a63ceefaf043509416f79dc7507c0f84dbe881bee0d73b4e40c062d953ab2eb631bca3d71aa08bc903953cc0cb71b04b11123f5ac9ce03501c7c706130808bba16f2ccc7b0b7a5da5ca9e48e46d08f04be516249298198cf8487e3361abf2071f9d41974e9ecde5db520960eea20028ab27517b7a8ea820209107a79da17bb2c4fd11da3a4b7f71c211517c7c2c823efa85ffc100286a987a81fd266f3df86704af9a227b06f93d6ab9a220f9572591e2628233691ec5cbd04220143bdcf6b7cae2d562b98c2db8cb7534d4774159fb6b47efb7a2bcc2b8726f9dfbf68b96b3341cd9452765af2c48a2430f242facd2ef9bfb99edb16ba68c4cc7f098b4d561fc04e51121fae6d25fdff1c86e13f97c1b432c006eef5424662f657143ea858ce7e3797f40089facdf96fa10eea15a20d107e89eeab1526939f6f46cfdac6717691d8aa01819f1992d1652ff3b02661e209633270dae9b024e11933ab0f11487d488c60927ba56b12add87e89503e1d2075cd68b48da65a150c798b671effccb21332c980b59250cce776df49d4d6e958172508d325a7dc7ca539dd89db8a0a22022b9cd2b1a545c8e10d3e836b2f7f379c1d868f90dfde77c157d03a72c49985607d2fdfe31ec68acf31dba08755a63fe2acc8682ddf707b1a1e81a7fb1cc51aedb44c354bf053a2fac29845322ef612b89c5b70fac061075dd7ad7c715534d801850deb118b7414369b0357e2694d88bfffae67e82fc82202286459c8cef40ad588f750c7f50d8107f0c9c51c345d101772b921d69954ff8c41bc6fc49a8b101176f60f15515e726c94ac27a6ddd8f03fb47ef616b5d17cf00e78d8909518082ef86e32c42b8dd72c8ee084171ea61465ca3b4169b6e3abd300a1c2247ee45eed29948355096f6dba394a56d8df4addd4529d834ec8f27d4957d81fca5091004ad3ecc98acb72392689b8145a5a9ec8736464c6544a64ca40c44359429b91690bb592707c6f3d93a85766ca6a754f5bfa8824d8ca6510df9b39abb5c84281f61100507d2014eba19031e654601f0c7d7ae9c45ebbe587fbc2dd299c14c8af310c5ac41be08ea71ca18fe732eeca736af024bbafc77e38883647dec12", 0x7f0}], 0x1) r1 = syz_open_dev$video(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f00000000c0)={0x8000001, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xfffe, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}}, 0x1c) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x34, &(0x7f0000000500)={0x0, 0x0, 0x2, "ef26"}, &(0x7f00000001c0)={0x0, 0xa, 0x1}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000006, 0x10, r3, 0xffffe000) 3.750576304s ago: executing program 4 (id=1923): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet(0x2, 0x3, 0x6) syz_emit_vhci(&(0x7f0000000b40)=ANY=[@ANYBLOB="040e05003d20"], 0x7) r2 = openat(r0, 0x0, 0x1451c2, 0x0) ftruncate(r2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCDELRT(r3, 0x890c, &(0x7f0000000140)={0x0, {0x2, 0x4e23, @remote}, {0x2, 0x4e20, @loopback}, {0x2, 0x0, @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000100)='veth0_macvtap\x00', 0x7, 0x8000000000000001, 0x7ff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'team_slave_1\x00'}) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000100)={0x2015}) read$FUSE(r4, &(0x7f0000001ac0)={0x2020}, 0x2020) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r7 = dup3(r0, r6, 0x80000) fallocate(r7, 0x6, 0x8, 0xfffffffffffffff8) ioctl$KVM_RUN(r4, 0xae80, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x2000, 0x1}, {0x6a, 0x2}, @ramp={0x100, 0x8, {0x9, 0x6, 0x0, 0x4}}}) r8 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x862b01) ioctl$EVIOCSMASK(r8, 0x40104593, &(0x7f0000000180)={0x1, 0x67, &(0x7f0000000100)="f13b8716bcfdcca0c8af3538908cd9249f533b44e0242eab855e96f55b9ffada39f62d8b23dd050e4bd47c6e12e3bd98840d9ae70008ed417a94f6c6b2fccb3a3bcb625653302c9301e4fe75a70cdee4c457f97a50895e6577df2340fb458bd55be572ac782da8"}) write$char_usb(r8, &(0x7f0000000040), 0x0) ioctl$TIOCMIWAIT(0xffffffffffffffff, 0x545c, 0x0) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="18efff0000000000000000000000000085800000cb0000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 3.621264173s ago: executing program 1 (id=1924): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) write$binfmt_script(r1, &(0x7f00000002c0), 0x1000a) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) 3.617765494s ago: executing program 3 (id=1925): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELCHAIN={0x20, 0x5, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x68}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000000)=@mgmt_frame=@beacon={{{}, {}, @device_b}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x2, [{0xb}, {0x16, 0x1}]}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7}, @void}, 0x39) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}}, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480)) syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001740)={0x20, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x4}]}, 0x20}}, 0x0) 3.391486482s ago: executing program 1 (id=1926): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x12, 0xff, 0x4, 0xfff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) syz_emit_ethernet(0x44a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaa0086dd60cb653e04143a00fe800000000000000000000000000000ff0200000000000000000000000000018600907800000000000000000000000000087db4265c9f6aa3b46521199ea778d105c24ac1fd5315e8b977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe90921800000077130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb143"], 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x3}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}]}}}]}, 0x50}, 0x1, 0xba01}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000", @ANYRES32, @ANYBLOB="00000000000010006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xe6, &(0x7f0000000140)=""/230, 0x0, 0x8}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) unshare(0x40400) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001540)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f6000de1cfa88b7165dcf4f2aaee86d4802000000000000008fdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c78d4010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c82bb6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f50b1e9b5d841ea55fe569bb7bf1e78191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c04fe8ba975cf616c7134d6934e2594c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d800000000000000000000400000000000000000000000007be52c0d05b4cd120400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab03d2165ccc9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b396695000000000080ffffff87da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a1459134d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250fc48520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91aecf020000eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592811d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc14a31ae7c034bb19da845de69d1300e4a8b6e345c2e31cdf127f77102ef0e576ed1ff4133599882c14943558737da0ed246603d768933b36d8f8df3add2e17ce644347c419a7795b6308d4455dc680be6ee2ee7fae761292d67249baedbd6c03ec95dc0966ccdb319aaa9f8a35b24cc7b7c9c47934a261aeff831dc52d9e54fe0d54641b413298432427eaba265f3ecbffbd3b8465f1acf2073edb06f65241744909ead745c68b260803e7369beabb2740e55e48450c9c3399cb70434463"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r5, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd48175dc, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x38, 0x0}}, 0x10) mkdir(&(0x7f0000001300)='./file0\x00', 0xa8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) fchdir(r6) creat(&(0x7f0000002000)='./file3aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) sendto$inet6(r7, &(0x7f0000000000)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 3.185000761s ago: executing program 2 (id=1927): sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) mkdir(0x0, 0x0) chdir(0x0) open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file2\x00', 0x10001, 0x85) socket$caif_stream(0x25, 0x1, 0x1) r2 = socket$inet6(0xa, 0x3, 0x0) setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1) r3 = open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0) r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)=@mmap={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d3f61e4a"}, 0x0, 0x1, {}, 0x4}) ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3) r5 = socket$nl_route(0x10, 0x3, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x8101, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d}, 0x14}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\b\x00\x00\x00\x00\x00 \x00'}}}}}, 0x0) 2.866009728s ago: executing program 1 (id=1928): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) openat$dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$DMA_BUF_SET_NAME_A(0xffffffffffffffff, 0x40086203, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000240)=@getchain={0x24, 0x66, 0x0, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff3}, {0x0, 0xfff3}, {0x0, 0x6}}}, 0x24}}, 0x0) r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0}, 0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000080)={0x41, 0x1000}, 0x10) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000003580)={0x2, 0x0, @dev}, 0x10) bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @broadcast}, 0x65) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x241, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r4, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) 2.71230488s ago: executing program 2 (id=1929): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000000)={@loopback, 0x0, 0x1, 0x0, 0xf}, 0x20) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000340)={{}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}) r6 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0) write$binfmt_elf64(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46020000000d0200aa1e1c170003003e000839a59434d90a2742a24e000000000000000000deef14b40028e27ebdfd74dafc20380003"], 0xfebe) execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049e9) 2.690647538s ago: executing program 3 (id=1930): preadv(0xffffffffffffffff, &(0x7f0000000ec0)=[{&(0x7f0000000cc0)=""/79, 0x4f}, {&(0x7f0000000a80)=""/145, 0x91}, {&(0x7f0000000b40)=""/160, 0xa0}, {&(0x7f0000000500)=""/2, 0x2}, {&(0x7f0000000c00)=""/131, 0x83}, {&(0x7f0000000f40)=""/112, 0x70}, {&(0x7f0000000e40)=""/99, 0x63}], 0x7, 0x59dc, 0x0) syz_emit_vhci(0x0, 0xd) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sched_setparam(0x0, &(0x7f0000000400)) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000003a80)={0x0, 0x1c, &(0x7f0000003980)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}]}, &(0x7f0000003ac0)=0x10) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x6d, &(0x7f0000000080)={r2}, &(0x7f00000000c0)=0x18) r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) r4 = userfaultfd(0x801) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_ZEROPAGE(0xffffffffffffffff, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000576000/0xd000)=nil, 0xd000}}) write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r0], 0xc8) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r1], 0x38}, 0x1, 0x0, 0x0, 0x4c005}, 0x800) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x4e20, @rand_addr=0x64010101}, 0x2, 0x0, 0x4, 0x3}}, 0x2e) accept4(0xffffffffffffffff, &(0x7f0000000540)=@nl=@unspec, &(0x7f0000000200)=0x80, 0x800) mount_setattr(0xffffffffffffffff, 0x0, 0x100, 0x0, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000180), 0x7, 0x2480) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_aout(r8, &(0x7f0000000100)=ANY=[], 0x1a3) r9 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r9, 0x29, 0x40, &(0x7f0000000540)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0x0, 0xffffffff, 0xffffffff, 0x120, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x120, 0x0, {}, [@common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}, @common=@mh={{0x28}, {',\n'}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@private0, @remote, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00'}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00'}}]}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "17449c9c2a05e759713135ea9408fe6ca9b4b6152370a8dc206c4db34042a37edc63bd17a99fdd947c344b24556921c070477e13b6acb2af09498a96130edac4"}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x518) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00000014000800000000000000007f"}}) 2.597192192s ago: executing program 1 (id=1931): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000016c0), 0x3af4701e) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) r3 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) bind$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x3c0, 0x43) sendfile(r3, r2, 0x0, 0x80004700) 2.245866059s ago: executing program 1 (id=1932): sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x0, @multicast1}, 0x2}}, 0x2e) sendmmsg(0xffffffffffffffff, &(0x7f0000000280)=[{{0x0, 0x700003a, 0x0, 0x0, 0x0, 0x0, 0x700}, 0x4}], 0x400000000000085, 0x0) 2.243488715s ago: executing program 0 (id=1933): syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="03000096ebc2c66584601f003d5eceea86c5b4e4c22e7d73f8c4023570f400684f05afa738be36eec766c4520117c4509c8aa8113e9030f33d953fabfa1f8be7a4dcf4eacafd3b2610329733906bb2051dfe326329d8fa7e4921add887812104e226bf9cf3fab7af4a47805227c0b05145b51fadabcd55be1fd272b82f6dd32f35208d7aac762d4e6de900"/154], 0x9a) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1f22"], 0x22) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240), 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000400)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x2, 0x1000, 0x3, 0x1, 0x1d48, 0xffffffffffffffff, 0x5fff, '\x00', 0x0, r0, 0x0, 0x0, 0x4}, 0x48) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0xe, &(0x7f0000001600)=ANY=[@ANYBLOB="b702000000000000bfa30000000000001403000000feffff7a0af0ff1100000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7040000050000006a0af2fe00000000850000007c000000b700000000000000950000000000000000e154cd844a954b26c933f7ffffffffffffff55bb2007ee51050512b5b42128aa090a79507df79f298129da487130d5f24bf901115e17392ac66ad029d1c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1efc5f9094fa737c28b994a8512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d6f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804d4a69bf9bc5fa77ee293fbd165a5a7c31de7910d1ed4065a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db3503680e5e5971ff4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dacfeb47479321a0574fb304bc2a1681989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f3de8726c2a61ec45c19f97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c6d294d3665016ac59dda0fde0745db06753a7ac7fe13cab6692422a46e9ffe2d4a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d4045c9bdce38c2153a6eee01738b0c10671f4f559b7dcb98a6273b8c5f1e24d9f679e4fbe948dfb4cc4af05c28308241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5490f6589880ed6eea7b9c670012be05e7de0940313c5870786554df2623d58f5ace92d028f2c71a6ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77962a2cd8a104e16b77d5f7f13b1640d43e11801140caf1a8b1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b905fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af0a77fbcf2cd1d0000002000000001c800000000000000000000000928ee53595a779d243a48cea769470424d28804c026ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf34117a82a96b2ced73abb8e4bb718d6ee7aebf9ef40662d7836d252c566f5ee938a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da2022f23daec61854f640f701db0276652f6c74f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7eee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab50fe82d5a96b09c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada209bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cdfba05e3633be3f00000001762e5f5a3a0bc33fdbe28a5ffc83f2f08544eb2794e7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5d81e750d50515a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f85d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d801002653c4d9818708e27c89b552d3fcd11ebce9c764c714c9402c21d181aae59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff2a8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4000000000000000749efd3763655500344bae34137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b850580994484305d7a1759782ae57773e0d8b0ab900edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0bd91e328b6a6f732a91f0e2e9120be61e58c79d497247d278888901d44bf77ff246605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c2d0836395fe39f0e11c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc71300000000000021000000b12f0ec0412268860027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b50f3ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861ddb54684cb73e7aeefae47fa09fd88e6043bd52ae84c1bb0c8a6b769f952283a1f4e3842edb3d42c68a2102fa1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e81163bde261fd00000000007271e28ef6806bc8e139c49b91c76b0d3958f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d1b8b90bc0df4c4b51b1f922a44ec675203bf8d1548e49262727c3de6daab3b4ed15aa99802e45d0620617e839b5237ddfcf103c91e61d174e3be6c9fd47398797e3b814e751ff31ecb42de6dd9d6b88121aaa680c236a303914e00150e1ec3f144ebc28287d5b51cfb8cabb844d12b140767d0fc24425590024b2e431722392489e3d43b3e31438a0138988083c47c61384d54e9a40fba01cac6e59ec82edc764840fe551c1d57442970cd8e59b9f41094e158c0a1ee855d8515599685486c2a21fa1c107531a0db8306441e8408b34aa90e9736e672d74cb8e78f8bdb93a23d024fc200796836ab396911a56231e953efad6cd83db32ffc595d970108e9547ea0000002730d5d1b70fe8b458ac1651135037b6cb9c8053299f77ab84c5b9fd2f764c3caa9c69377c397d310ddc7bc4bfa165def7b49e28ef196ae263b6829a8419d8860f56c86c288964ac4bc19839d96ff24b981c3a4fd6f93a000000ea9d6b06dafae4c91177"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0xa}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x34, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x50) syz_emit_ethernet(0x84, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, '\x00', 0x4e, 0x2f, 0x0, @remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x37}}, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x0, [0x4]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, [0xb, 0x3, 0x40]}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x86dd, [0x6]}, {0x8, 0x88be, 0x2, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3d}}}}}}}}}, 0x0) 2.019708418s ago: executing program 1 (id=1934): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0xffff}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}}}]}, 0x40}}, 0x20044040) syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000e8445a40ca0735a8fa21000000010902120001000060000904"], 0x0) syz_usb_connect(0x0, 0x3d, &(0x7f0000001540)={{0x12, 0x1, 0x0, 0xd3, 0xc4, 0xad, 0x8, 0xf11, 0x1031, 0x7c0c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "8c9be78b85"}]}}, {{0x9, 0x5, 0x3}}]}}]}}]}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r6 = socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) syz_open_dev$mouse(0x0, 0x0, 0x0) dup(0xffffffffffffffff) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r7, &(0x7f0000000000)="3f000000010040", 0x7) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) shmget$private(0x0, 0x2000, 0x100, &(0x7f0000002000/0x2000)=nil) mmap(&(0x7f000097a000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 1.228058607s ago: executing program 2 (id=1935): r0 = socket(0x10, 0x803, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x10}, 0xc) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000340), 0xc, &(0x7f0000000540)={&(0x7f0000000c80)={0x180, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x38, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_NODE={0xc4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_KEY={0x49, 0x4, {'gcm(aes)\x00', 0x21, "e6245b66d3d5f86ba451e347a087fe1c5035bd2888c106120bcc8a64f1cd4b9bc7"}}, @TIPC_NLA_NODE_ID={0x6d, 0x3, "0d70de683fb363478394087a577e0ec7fe9eea08ed9e3bc4dc8db3d9f489e376afc7b258da0f1cbf9e7a08cac6f2c6c46a73c1ff87b84c13be20cfda38e31c023e8da0df0d485385d63c576f280ec36e7d36e484454cd735daaa62950e95973cbe8cebd52f07fcf6c4"}]}, @TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_ID={0x8}]}]}, 0x180}}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x1c}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xbe8}, {&(0x7f00000007c0)=""/154, 0xc0f}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) 1.202541414s ago: executing program 4 (id=1936): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10) write$binfmt_script(r1, &(0x7f00000002c0), 0x1000a) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3e8, 0x200, 0x200, 0x200, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00'}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438) 1.137524699s ago: executing program 3 (id=1937): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) clock_gettime(0x2, &(0x7f0000000040)={0x0, 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=ANY=[@ANYRESOCT=r2, @ANYRES16=r3, @ANYRESHEX=r0, @ANYRES32=r4, @ANYBLOB="0800050002000000"], 0x24}}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpu.stat\x00', 0x26e1, 0x0) close(r5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300)) ioctl$SIOCSIFHWADDR(r5, 0x8b37, &(0x7f0000000600)={'wlan1\x00', @remote}) sendmsg$NL80211_CMD_CONNECT(r1, 0x0, 0x0) syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000900)=ANY=[@ANYBLOB="50000000080211000001080211000000ffffffffffff000006000000000000000700010071f949364f2115f8e26f0006020202020202010802848b960c1218242d1a0c000d0600000000000000040088001900000001000400000080"], 0x52) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380)) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), 0xffffffffffffffff) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000380)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_GATEWAYS(r6, &(0x7f0000000440)={0x0, 0xa6, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="0107fc000000000000000a00060008000300", @ANYRES32=r9, @ANYBLOB], 0x1c}}, 0x0) sendmsg$BATADV_CMD_SET_HARDIF(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000e2bbd7000fedbdf2310000700000000020000ffff08003c000100000083366e9f46236b8d4aaf19c917c58ba63f7ccb5d020b54af7d8ce769bcb2a2c3b350437b10722439df10164f1de2a105bbd9b55103618011feeb1abc9ff13d8dee72accde5b51abe087165e0141695fd6fcded680b7e4ef27b44c3b4a1d71089f76ca09c48eba2c15463a3288951b42cc8740dd205333ae97a059240dfd3564a"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x40054) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="160b00000000000000ce4bb60919ff8ef40d4d1fa480ba0000000000e6a78e81dc301a17e4cbe7e0b3d80099d4c3db7d1190d920ee0d1037d68a3bdff58b9644ab7a4f849870d8d57bf479abfb3793a0423431e5144addd0694d060000000000000081043a718d03fd0c096663961ca9a50982c86bb615a0306190077f5a22230ed4373df1046ebd12b344a4adb5928f88b8a9c7420a66ec5818c4e5a03eee7e61566dda6148a3bfe243a34a608d44f15ca9d7fb12d18c1c02cdf4e2bd07df04000000b0d2cf", @ANYRES16=r11, @ANYBLOB="010000000000000000004a00000008000300feffffff0e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x3c}}, 0x0) syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, 0x0, 0x0) r12 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00') setns(r12, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000000)='maps\x00') ioctl$NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) 943.600135ms ago: executing program 4 (id=1938): r0 = socket$netlink(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000900)=@base={0x12, 0xff, 0x4, 0xfff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) syz_emit_ethernet(0x44a, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaa00aaaaaaaaaa0086dd60cb653e04143a00fe800000000000000000000000000000ff0200000000000000000000000000018600907800000000000000000000000000087db4265c9f6aa3b46521199ea778d105c24ac1fd5315e8b977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe90921800000077130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b8e16186a2e51e277f8c78df609ca44a83914e8f7a8b053210573941b560ff8b114326678c6851c74596300b1c2a1ddc0af5b4cb5f15fa61e42214341368152275070973f3063f35fded9eeb535a0837783921dc2b705e0a0ceacca1882ff23813bc9199a9be39559c9f82a7452ce6113780cd7d26f532b72603afbfe994f5baf7257c9a33b9ac1ecd0b69da263daa9ac7e6a8d4400341926ed1f0c0e9086009c7945c0b255716f5b0dac45a9af480dc1f17beba2a2cddeafed29ecc91ce704895e28d0c46e639591c667a7f34500ea98ef557801dccf733fa61f3cf6740e40418745a42a738440ba9fc2ec415ba0fbf34800e6987b902302d552cf869eb350a9a862cd946f8285b03f03067dc9bae653dc701d97c7e6f7c1f0767624ac9e48b041c51697968b1e1733921270e569ac0b1ac7c25d00936ad05f14d67d3225d6a8cecd9fb63205ab14131e2e742977860e4a38ec056cda185aa357a059d0180056816a7902bdc0951253005099039bd945a6a4e525123cd4fcb8c5b335626464707fc21e92039b9190020eb9ef84c61cddede466a4c3ea2572927153997c33433ce9de0a7d2ed0b5fb0dce9cc6630bd0635a66be0cb490689169618184e896233d49b8f0e0717ae5d557333d54887ed8d983ee01091326af86e76583131104c66753efd58c32e499be23a05249b98e505c4c0237e2e70506fed29a33169d02b74ba5cbefad267e1107f4468e1144ece9656d35b88e405405fbb143"], 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_FWMARK={0x8, 0x14, 0x3}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}]}}}]}, 0x50}, 0x1, 0xba01}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000", @ANYRES32, @ANYBLOB="00000000000010006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xe6, &(0x7f0000000140)=""/230, 0x0, 0x8}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) unshare(0x40400) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000001540)=ANY=[@ANYBLOB="18020000e2ffffff00000000000000c685000000360000009500001800000000922ae83713ab9600010000801b10fb54a8cb72d232ad558c46fff4208d4990ec11ce9413ac30e00bd0081f8504e19a5183d769676520e98a263345e44d5ad12bca35510100c4d86abeb12303ff1c9fe0d0020000d60400000007d3670000008aff66d6b3181ffc1d62a3954c1198bbc4fa13aee48ca9e8969faebf3183fe803ab3f5024b52dc265b36fc9dae00a09404f01f9504d0976d252bd8d24538556e5e57bee3b8cf464ef3c6a7def8bad3ca6e3abdb21696e340bb8e2a093add57196b40def3858ef569147fa4108328392d322ab5df10a2f69a6bdf72ee7944e810d0223917c3d042410f57466f59544047d6d8ac44060000000000ee16c729300d2301800000000000002b5a8b05fcc154ad5290a8cdb97c343f454ff69dd6cbde49b28a6cb5f4fc0001745cff6e00e7ffffff0000acf3209a08439f1ff01779b6f6df7e02aa6d7760525b595fe1f697bc114ed1778e97a3f0395f946974cfb458be2a34cf924dc37b5592bf17956f3547497aba814382ff67b345b677a9d6523d87008000000400000000003fe8613ca29ff92be0d8deffff7b68136b0046d535dd39c0f35408869e9b342b953f91447e6b9eab304f134306320600a44095254b45a6c1312a13696c7202df5f764713504facc532c5a6d44d99ec7530ed7b0311000000000000e54e9072a22d911f4a2c2e2fa806e63c5cd98a8569a6d6bcfb000064885117e2ad910eae67e0ebe380d0f648713e68153579e02d71c58d147b00821ab9a6475b31e1ebf1369a04000000fbf3983f283f2f00000000992774814d63c933912d000006000000a66acb0a38856929e7d8b1b06c9bd5d7e5490f3b8596b694ea9483bd4bd287c83dd998a74694d18bdd8ad0983bc90770bbd26a82b9d99d5fc04563b523c47ef8c33400e90d02000000000000000edf1147a7afe772cd45af8aeffe2753088e02ca6bb2feec446ce7dbce66f0a93a03371320980865c7c62ea4d8f8a864dce9fa85aeb0454349100296ee2dba39c3f6fd6cf96714e11fe03b5062809a7418b165dd0336d226bac1e1223be1c97b15175d0e664beb126000e96549e1a1228c686edb475b705eaa9515c96f4fc6b3c925ea404e0f1de61026dc6c6618580fd6ce9eac602c1756f6d1056712412131ed9925989e01eae489ec7052e0ed72c326c7a8aa63999e2297c54ce1822d14b7c7699a9d0600f11f2e7f474cffbc35bc8623cd5eb68af82275a940be0400000000000000bcc3fbe7d90de96d6a8e9f32f18d1f606b381e4903b500000000000000000000004a2357ba5f6000de1cfa88b7165dcf4f2aaee86d4802000000000000008fdb686d5da2a42e4b5024b6535811f362201d4f82012e6af704973d04ea923c19e6cb723c1923b3eea2d73e176dff383c9fbbac53dfdcb1a68c98e96fe39eec23963faf3ebed3409144c7c53d6318ced678a621450a9b01e9f2772e5f2999d3435da02556e36c3215d2bd4e96c93bff3ad04a82ff3cfadcf65eb92adc6c68d66b11cb2d7556414a86dfa94bb7aa52c7febb1e9b2efcbbc5bccf9d39bed802f4f056976a9a362ee9cc624ec454b90200fd9603f96908bddc14500000000000000000000000000044d917c62b27679913075731e8fddb07c10c82002d60181588ae63a440454287de9e340f611267f37bdd0f2d21cb06fcaf45a0a297e396f428d43371424b307eef82c5d6d19f3ef0d3b8f7fa51957e3099caab31133b34a1d3eebc0f0c9056df2e9667ba0b55695c78d4010079b07e7aef7785e2486472b5cba1f3346c1e8e23deb8c82bb6eb2c72c484241dc3b66da78260f800fffd39368b952f6f4a10295c50c887a31d8b543c5d10f2dbd4d0b84eaad43feb6e169a9f2fcff7000000000000000000e011bc6366f56fa787f212c1f8c0f47f50b1e9b5d841ea55fe569bb7bf1e78191c8a02ad436725771738a2a98891971e3b932352896e1ea10f62e8ef7a87e16151b39d6c27575714540d8c293a3fa4b5a825360423c1cbc8b5d19167152823ed853140edda002c16c842b168bb55f6bb713deb57d0aa78d6d4e5fc5be2c402bd246128f41bcb02000000892b135a92e8c844938aa98ba4839a1408a696454d40e5eed4d4dce481ca86bfac54c330331b7f2cde17cbaeb0377696faf546ecbe742d73d47d726a50f6e752f3325255bd7e8b5923aa3cfb6f7e06494f21ca450139c558000000000000000000000800000000000000000075aa0000000000000000000000005560bd9eb81e839e4992e64b074a66cccccf00334fa94da8477be7d99b558ec6a5b1596ac1e7617c6b32eed0cc70286caf2c5189a103f4b0b04aff171c4d388ccf67fea37e782f025c04fe8ba975cf616c7134d6934e2594c853cde330a193a967d907a8c88fcb033e680f559a72150cb900bafcd536f48797915a2fe9922ce27300009e1b36aa4730117d9b00000000003c630000000000008fbbd11b015c415ca04192fbfb1a8b0e3460af35771dbac10062835c9bab3ad09f7a022c52d800000000000000000000400000000000000000000000007be52c0d05b4cd120400000000000000000000000000006ec473c54399b7b8aa1ee46132fc45da8292631178cecf19550108b8b8423de42957ffe9bb6d752e68d2bc2ce777a17bf4dfdfee5de0f3e4dadf51ab03d2165ccc9562827b762fa611ba5f32861c19dffe1dc9fd5c41cd46cf131fd6b0c2ddad90ac33f768f9ecc70327c59918fa5a249befe98262f53c8182d95f6da3698a6a88c2c31d801a8f1f5e0ce05138d5422da0a6a62b9dfe1f39775d1d0c9186096415f544aaf76b0a1c877a6c826a5adcfb22c4a0e5a46271caa3eaf4f389dd5f3c20dbddc0377a4266d7b9fd61b9287e9b4be0a413ee31be0ddecab0ef7b25cba1fb3654ddf291ecb7768ac1e177042cb4c452fa6b396695000000000080ffffff87da23d6855500fe8510b51e13a890e394b84a6ea2cc8d42b97c697c29122298d55e2e1cca8e07abda2606a3f381c64b9fec0000000a7965e4854e8e3572ad5149b3872342dea9252132860c9af1bd5fe263c0313dea5d6e0c11a466d6892ed65f34667dd79b07b5cbdd8aa7dd561a26b5562d4861a7e1b0f48930e0b696ea3bee7eb72794e163d7aeac9a0fa5403ac9cb421eae283b0550f1d0d339cd7b96e71d3ab48ad9d7975e0c9b117f71d3ab80a0c9b0284ecc469fa6181c9c71fce07a6ffb23296a107763138e8d9876291af2076890c47925ac773d95d2ca42acb3e5f3a1550665b898462c139ffd0106bc8a61b6117d252efcab7106b4c3a3c13a70ff452e9d2096142c517b0e91b5cf88332faca5b3ee96363065c3ce32d3d39ec36e20d597e05664f2526bd918090649da11f7299789d00f5024df1e99d3efecb9b457642fe810370ba4fbe00fa60a28af966a27a1659e448bbe43a1dcd2ea760018b57a36ac41ef2051a7b703d55c0602540663016e20d50385766df4dac47802a55bd38dd767ee9960c6daa704fc5d01a1459134d1b9edfde3be9e25a110228c64253588ff420644dbc0854e69a7bdda72f93ceaccf92cfe7dd6296c950db10f6dd8a5ef9b73cf6a12a1ba16fdc7e35b805f4fd2fcff0a623722149c1465e4de2d53f0f10b14c21865027abc71a12cb1e9f8029c7a20000000eeb0d53a83e518c8d2052c08b515d9d0bde24ac4e798040c7db0bb03c019507d6377f3d5dd94a27abc6d6b120d61f772407e0d2cb50d29168b68aef9f176b4c3aa8b21279d4ea9c1f669aa8c2c17d5b3a8d1dda58d26f1019af04b7774c85d5bce8be010f27c5211938031c3404680b01279c778bd1fe1b48c4b5b8e0fe756e54a8d76b7cec5e3407d93b4eadc446440607de844acf5524a4657e33af2115547b735b57b5092d0bc8fa6acb832509abe0882d570ce400aaebd7baff88526608d6991aac95751671174129457e4a03aca69d82b64b89e6ad6ed1e275ec5002e48170e4c7b4f3971481098dedb88fba90770e44bf404d5a97fefe2fe8e459fe45933b78c7ab5fe985a480193a20fb07da1455fb283df68af569ac82aa6dc703e29bf158931fb79f2abfa6ff7eb8c4f381c9da58bea460e2ead969933e5391970ca4fddd64da2e5df9c4d82044068caaaab771b37bb06bbe673056d849825525f1120b2250fc48520381f7a74b1c687781cb6b23e67b918844b83dbaeeb559ec8520d710dd6d6b4e64838bd434a36ed03fc0c488b24571032ffbc9f8ce97041e1bc4729d539358dc9599c1266b9ce2cb6dd0ad57a6e9d3d4a11a27f70b2934c96237e2ba09c58eeda678d4d08b6da99b7a86e946215afb1b48792fde54492e306cb5342e2589874b603a1de972b1f09cc350096f5c3e814118af9ba0793cfdf20c77b34eacfdf63ce59ec4d2f867bf884e941559b068d908325667672b5e1cf71f4829c0493e8b141489ed926b822becead7a0a2b4a4c008ab16b616d60f347e4da54f06443507efe57ea62399ef4eb11b2f559e1b056456a53998bf1c6d13c92e75136147f91aecf020000eb1b51bf700b3c0bf54bc3745ff313c5e75dc66386897f6ee45429371b8d0878c442ad2fe9baf85c1390da13efc353ccbef950c29f39ddf436f0d9bf1be1515ed251d8b6f11ecb16b1e8d1ed04196e9b6c2f9e068b7749bb6c1f533e493f22c901662c65cb761dc2eeff2f698bd4dbae83e2dfdc4f1c7f918a00515c1bc189d10ec22b35c92725cbf0ba244fd029c4f026f68e000000060000ab0476c3fd7f7c1e5c000000000000000000000011e43e39d3f4394fbfa13c416b1c443c5e52eea726491ad75100ebad7c6d5a665c59a3fb158e43da904f19e7e8daa4e90390b8da945f6cd78536c0d2be07221f85ad46b180f256d4d84592811d15d65896b66b63a46705338b67b72dc1c3075fcdc5cbffb0366151632ba5be8ae815dfea9fadfd31c473a24a73d3e5116c3023b3563c72d26fbd59877132bde5ca4ef8d92fd3613c768b35223f6fd0b5e9a8b98cccf1e2b4612e620e3a159d6365c9045aaa826aa0ee6d26cf0397ce674c20824584b464ebdc2f3ea26a7aec4570b242a6677a4e9187f8591c3a9bdc14a31ae7c034bb19da845de69d1300e4a8b6e345c2e31cdf127f77102ef0e576ed1ff4133599882c14943558737da0ed246603d768933b36d8f8df3add2e17ce644347c419a7795b6308d4455dc680be6ee2ee7fae761292d67249baedbd6c03ec95dc0966ccdb319aaa9f8a35b24cc7b7c9c47934a261aeff831dc52d9e54fe0d54641b413298432427eaba265f3ecbffbd3b8465f1acf2073edb06f65241744909ead745c68b260803e7369beabb2740e55e48450c9c3399cb70434463"], &(0x7f0000000040)='GPL\x00', 0x4, 0x1000, &(0x7f0000000300)=""/4096}, 0x90) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001380)={r5, 0xfe, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd48175dc, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x38, 0x0}}, 0x10) mkdir(&(0x7f0000001300)='./file0\x00', 0xa8) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) fchdir(r6) creat(&(0x7f0000002000)='./file3aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r7, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) sendmsg$TIPC_CMD_GET_MAX_PORTS(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) sendto$inet6(r7, &(0x7f0000000000)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 874.968686ms ago: executing program 0 (id=1939): mkdir(&(0x7f0000000100)='./file0\x00', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000318616f60000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0x7, {0x0, r1}}, 0x18) r2 = socket$inet_sctp(0x2, 0x5, 0x84) sendmmsg$inet_sctp(r2, 0x0, 0x0, 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r3) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r4 = inotify_init1(0x0) fcntl$setown(r4, 0x8, 0xffffffffffffffff) fcntl$getownex(r4, 0x10, &(0x7f0000000140)={0x0, 0x0}) r6 = syz_open_procfs(r5, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r6, 0x4004662b, &(0x7f0000000180)={@desc={0x1, 0x2000000, @desc3}}) 652.991312ms ago: executing program 0 (id=1940): sched_setaffinity(0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r1, &(0x7f0000000480), 0x2e9, 0xffd8) mkdir(0x0, 0x0) chdir(0x0) open(&(0x7f0000000040)='./file0\x00', 0x40c5, 0x0) openat(0xffffffffffffffff, &(0x7f0000000000)='./file2\x00', 0x10001, 0x85) socket$caif_stream(0x25, 0x1, 0x1) r2 = socket$inet6(0xa, 0x3, 0x0) setsockopt$inet6_int(r2, 0x29, 0x10, &(0x7f0000000000), 0x4) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x0, 0x1) r3 = open(&(0x7f0000000040)='./file2\x00', 0x0, 0x0) syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x0) r4 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VIDIOC_DQBUF(r4, 0xc0585611, &(0x7f0000000140)=@mmap={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "d3f61e4a"}, 0x0, 0x1, {}, 0x4}) ioctl$BTRFS_IOC_DEFRAG(r3, 0x4c00, 0x3) r5 = socket$nl_route(0x10, 0x3, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x8101, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x14, 0x30, 0x871a15abc695fa3d}, 0x14}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @loopback}, '\b\x00\x00\x00\x00\x00 \x00'}}}}}, 0x0) 48.631677ms ago: executing program 2 (id=1941): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000240)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x0, 0x0, 0x0, 0x0, {[@mss={0x2, 0x4}]}}}}}}}, 0x0) 14.77042ms ago: executing program 4 (id=1942): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=@newlink={0x40, 0x10, 0x503, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IKEY={0x8, 0x4, 0xffff}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) set_mempolicy(0x3, &(0x7f0000000040)=0x9, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_GROUP_ADDR={0xa, 0x14, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}}}]}, 0x40}}, 0x20044040) syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000e8445a40ca0735a8fa21000000010902120001000060000904"], 0x0) syz_usb_connect(0x0, 0x3d, &(0x7f0000001540)={{0x12, 0x1, 0x0, 0xd3, 0xc4, 0xad, 0x8, 0xf11, 0x1031, 0x7c0c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0xff, 0xff, 0xff, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "8c9be78b85"}]}}, {{0x9, 0x5, 0x3}}]}}]}}]}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r6 = socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f0000000100)={{{@in=@multicast2, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x32}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8) syz_open_dev$mouse(0x0, 0x0, 0x0) dup(0xffffffffffffffff) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r7, &(0x7f0000000000)="3f000000010040", 0x7) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) shmget$private(0x0, 0x2000, 0x100, &(0x7f0000002000/0x2000)=nil) mmap(&(0x7f000097a000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 0s ago: executing program 0 (id=1943): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x2000, 0x0, 0x21f}) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000a80)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8}, 0x1c, &(0x7f0000000100)}}], 0x1, 0x0) shutdown(0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYBLOB="0000010040c3f2be96f36c88a50bc51cc1e42968f148337dedb747e6c68f6541a3387929b2"], 0x9) creat(0x0, 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) write$P9_RSTATu(0xffffffffffffffff, &(0x7f0000000980)={0x23b, 0x7d, 0x0, {{0x500, 0xfa, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xab\x00\x10\x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x5e, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x9d,;\x9e\x1dR\xc3\xd6\xda\x9b\xf6\x99\xfa\x88\xda\xcel\xde{\xa4\xa4\x00\xb4\xb0\xb4\xdb\xf6\xc6\x9ai\xd0\x17\xce\xc4Y\x06\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1a'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x23b) writev(0xffffffffffffffff, &(0x7f0000003480)=[{0x0}, {&(0x7f00000034c0)="50bdc2efb8d0fecba7b9f07a11d112390f893112a87c4a10d97d6bd1cab082d5766613a937e7a6767af05b68c4338a3c306fec8bb9b83d8f28a04683cbd386d1d8e427b02d3ff427a0569c1682e4dcc4aa4757a01f0ec405b764df476ddc99387f04b96c82a87b3945b849965bf6320d38c85cbe36014658c0df25ec9415a444d6be387de48cac69f15b6b1d45c0f8e62b54f0ca13368cae0645969feb781db89a70463e42d3197672063faab45c46b5c3e621282991cdde50f9af1a12760812b23b29dd4fffe2a0cb4474e9fafdaf2083280a3be1f0a57329a984d2ef5e62186ac555a55e8a273c0834f2da14f0b8b6242a12cc1af203bc142cef6c0048d3e56fcb85e0deef0fa9f3c18f9a7c04caae4d57d3d4b139660a533aa9e25045e93e1be2261e166c6b7ac7855446fb863c0e6ef7c8137202ee7c52450c78c89d8a7aa278b5511e9b769209ac0747084b9c553150d8a6f060153252b4c5fe69a0ab271f85b7400358206e9d220b0065b3f94657afb4bf982e641cbe07c8f3e92b17e7e2c49174fd3bd89719d465f6de1708e1e25ad6185203cd51b939d485865504efc571ecc5915767c3b0dbd097e80c38532d7a322e48fab7a6811816d6247a644864248d635bd61b46ab09bfcebf86e06c08fb112d072365afa6bf1292f540586e16bc640f031c740a04bf61df1aa00b99ff99a49c73d5dffd1523c6d5c2d028ce3577110f15447cd87914a5534f45d9e69a8e51bfdf343f70c7c4a5ccbc62b4ad632d48f93a38361907ed686b76cda7ed98df7f04d881712280db912133fbbcef41e918e6cda8a1b25da503721e13bad3dee199f9357260c4aa7ebe23ec5c13ed13f33f9176ef2cbdec432fd6d07cdabbb051985fbd4d69f9eb09f3d6b1e78870ac6a59eba73fa5df0d1a708d2673684856cf504a2d3bcb0038605831c965e8e0c6090a0457462a6ea7564f57696219af371c120cd4565d1e278f233d738245b758e6e6b4d7c434fc5ecaaf72cc57889d10c1e2c465a12fdb25d0f653e464cab62a4179f5bab38c560a12dd5852ed2684c30787774690cb7b4f9b5f4c573759a60946d7e6708d4c520354cd7b310986ecb5569f3ba1e322ccd2282fb8ca57588b21c46ca0bfc1d50bb43cada0ca6c8337d66e6829eadfab60c38bbf58cad9e611b3ed84dd8f00be795673b5a611ebb1e11a54b533d9d064b5df4d1203bbf1f82a9f63c178e9441b538539193b28b70a6045e6c8f1cbddf97ff79525801bb9bbf59ed76fafcc29c8317f3f50ef5cedf5f767747ecbee95bbf7251a92382ab1ee0ac10c206ee6a4cdd4ac3fa8607c66ba19309fb0fb646c787d226d55b9f8158a3835ee5d1565f5c4fb41339088f06cc89c670da67fe33ce1f20327bd989de43e6a62a135e0ff3d3949b08bc6d46aec46ad100059cbf987054690de9764ad56dcecf5afcd19cfad537b571f324858908b86213b7420e12733cd6a192bf1f69651ea1043b9fb12bc29ced691f7ee3eaac4618732f173c424707bcac7cea3e023da9af43a7e6c465feab01f246adaf8d573e5aa578af8b36ffdd39c1d48787739bae6582b63cb7755a9ddca85a0614994d793b8f023a0ad28b5e2172a06d59ddd646e8e8de0022902f6016d60019c4ec2a753d41ddc47303d4b490c116083eb19dc36e0805b4b748f47189d288db04be485cceb5a0656e0466877526b6395bc9053cd0d703127eb912964c052442535d2d03b89cd4e1a63ceefaf043509416f79dc7507c0f84dbe881bee0d73b4e40c062d953ab2eb631bca3d71aa08bc903953cc0cb71b04b11123f5ac9ce03501c7c706130808bba16f2ccc7b0b7a5da5ca9e48e46d08f04be516249298198cf8487e3361abf2071f9d41974e9ecde5db520960eea20028ab27517b7a8ea820209107a79da17bb2c4fd11da3a4b7f71c211517c7c2c823efa85ffc100286a987a81fd266f3df86704af9a227b06f93d6ab9a220f9572591e2628233691ec5cbd04220143bdcf6b7cae2d562b98c2db8cb7534d4774159fb6b47efb7a2bcc2b8726f9dfbf68b96b3341cd9452765af2c48a2430f242facd2ef9bfb99edb16ba68c4cc7f098b4d561fc04e51121fae6d25fdff1c86e13f97c1b432c006eef5424662f657143ea858ce7e3797f40089facdf96fa10eea15a20d107e89eeab1526939f6f46cfdac6717691d8aa01819f1992d1652ff3b02661e209633270dae9b024e11933ab0f11487d488c60927ba56b12add87e89503e1d2075cd68b48da65a150c798b671effccb21332c980b59250cce776df49d4d6e958172508d325a7dc7ca539dd89db8a0a22022b9cd2b1a545c8e10d3e836b2f7f379c1d868f90dfde77c157d03a72c49985607d2fdfe31ec68acf31dba08755a63fe2acc8682ddf707b1a1e81a7fb1cc51aedb44c354bf053a2fac29845322ef612b89c5b70fac061075dd7ad7c715534d801850deb118b7414369b0357e2694d88bfffae67e82fc82202286459c8cef40ad588f750c7f50d8107f0c9c51c345d101772b921d69954ff8c41bc6fc49a8b101176f60f15515e726c94ac27a6ddd8f03fb47ef616b5d17cf00e78d8909518082ef86e32c42b8dd72c8ee084171ea61465ca3b4169b6e3abd300a1c2247ee45eed29948355096f6dba394a56d8df4addd4529d834ec8f27d4957d81fca5091004ad3ecc98acb72392689b8145a5a9ec8736464c6544a64ca40c44359429b91690bb592707c6f3d93a85766ca6a754f5bfa8824d8ca6510df9b39abb5c84281f61100507d2014eba19031e654601f0c7d7ae9c45ebbe587fbc2dd299c14c8af310c5ac41be08ea71ca18fe732eeca736af024bbafc77e38883647dec12", 0x7f0}], 0x2) r1 = syz_open_dev$video(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f00000000c0)={0x8000001, 0x0, "679c51ecbc83d1e22e845e3ede57135adc714d432546da16827000"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0xfffe, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}}, 0x1c) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000002c0)={0x34, &(0x7f0000000500)={0x0, 0x0, 0x2, "ef26"}, &(0x7f00000001c0)={0x0, 0xa, 0x1}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x2000006, 0x10, r3, 0xffffe000) kernel console output (not intermixed with test programs): 5130] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 393.133899][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.161326][ T5130] usb 2-1: config 0 descriptor?? [ 393.209806][ T9412] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 393.224315][ T9412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.250346][ C0] vkms_vblank_simulate: vblank timer overrun [ 393.307237][ T9412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 393.412478][ T9551] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.460320][ T5080] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 393.517368][ T9551] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.606142][ T5130] usb 2-1: string descriptor 0 read error: -71 [ 393.671881][ T5130] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 393.696992][ T5130] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 393.714047][ T5797] hsr_slave_0: left promiscuous mode [ 393.733644][ T5797] hsr_slave_1: left promiscuous mode [ 393.739728][ T5130] usb 2-1: USB disconnect, device number 13 [ 393.761962][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 393.772858][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 393.789315][ T5126] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 393.836662][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 393.863864][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 393.927010][ T5797] veth1_macvtap: left promiscuous mode [ 393.965740][ T5797] veth0_macvtap: left promiscuous mode [ 393.972842][ T5797] veth1_vlan: left promiscuous mode [ 393.979699][ T5126] usb 3-1: Using ep0 maxpacket: 32 [ 393.986569][ T5797] veth0_vlan: left promiscuous mode [ 393.993372][ T5126] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.014060][ T5126] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 394.036618][ T5126] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 394.067175][ T5126] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 394.097957][ T5126] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 394.107875][ T5126] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 394.132866][ T5126] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 394.148132][ T5126] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.162452][ T5126] usb 3-1: Product: syz [ 394.169897][ T5126] usb 3-1: Manufacturer: syz [ 394.187136][ T5126] usb 3-1: SerialNumber: syz [ 394.426091][ T5126] cdc_ncm 3-1:1.0: bind() failure [ 394.483679][ T5126] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 394.513764][ T5126] cdc_ncm 3-1:1.1: bind() failure [ 394.537438][ T5126] usb 3-1: USB disconnect, device number 27 [ 394.959948][ T5797] team0 (unregistering): Port device team_slave_1 removed [ 395.065494][ T5797] team0 (unregistering): Port device team_slave_0 removed [ 395.592298][ T1801] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 395.664334][ T9412] hsr_slave_0: entered promiscuous mode [ 395.674737][ T9412] hsr_slave_1: entered promiscuous mode [ 395.788571][ T1801] usb 1-1: Using ep0 maxpacket: 8 [ 395.820389][ T1801] usb 1-1: config 0 has an invalid interface number: 125 but max is 3 [ 395.839188][ T1801] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 395.853901][ T1801] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 395.864226][ T1801] usb 1-1: config 0 has no interface number 0 [ 395.883688][ T1801] usb 1-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 395.900039][ T1801] usb 1-1: config 0 interface 125 has no altsetting 0 [ 395.924545][ T1801] usb 1-1: string descriptor 0 read error: -22 [ 395.966105][ T1801] usb 1-1: Dual-Role OTG device on HNP port [ 395.982499][ T1801] usb 1-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 396.008643][ T1801] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.083357][ T1801] usb 1-1: config 0 descriptor?? [ 396.113471][ T1801] hub 1-1:0.125: bad descriptor, ignoring hub [ 396.131196][ T1801] hub 1-1:0.125: probe with driver hub failed with error -5 [ 396.142687][ T9607] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1049'. [ 396.145096][ T1801] usb 1-1: Found UVC 15.ff device (17dc:0202) [ 396.159528][ T1801] usb 1-1: No valid video chain found. [ 396.563396][ T9310] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 396.587627][ T9310] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 396.707551][ T9310] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 396.737825][ T9310] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 396.811777][ T9600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 396.838429][ T9600] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 397.171340][ T9310] 8021q: adding VLAN 0 to HW filter on device bond0 [ 397.205949][ T9310] 8021q: adding VLAN 0 to HW filter on device team0 [ 397.219798][ T1801] bridge0: port 1(bridge_slave_0) entered blocking state [ 397.227035][ T1801] bridge0: port 1(bridge_slave_0) entered forwarding state [ 397.336708][ T5079] bridge0: port 2(bridge_slave_1) entered blocking state [ 397.343988][ T5079] bridge0: port 2(bridge_slave_1) entered forwarding state [ 397.416367][ T9310] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 397.429693][ T9310] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 397.565524][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 397.786978][ T9412] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 397.953340][ T9412] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 397.992566][ T9412] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 398.018672][ T9638] netlink: 'syz.1.1054': attribute type 1 has an invalid length. [ 398.098728][ T9412] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 398.220668][ T9310] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.445108][ T9310] veth0_vlan: entered promiscuous mode [ 398.450428][ T1801] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 398.484666][ T9310] veth1_vlan: entered promiscuous mode [ 398.557808][ T9310] veth0_macvtap: entered promiscuous mode [ 398.576956][ T9412] 8021q: adding VLAN 0 to HW filter on device bond0 [ 398.597019][ T9310] veth1_macvtap: entered promiscuous mode [ 398.651372][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 398.665426][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.670866][ T1801] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 398.687410][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 398.697482][ T1801] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.698168][ T5134] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 398.716419][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.727012][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 398.738308][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.740955][ T1801] usb 2-1: config 0 descriptor?? [ 398.755666][ T9310] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 398.777386][ T9412] 8021q: adding VLAN 0 to HW filter on device team0 [ 398.792266][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 398.810190][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.830458][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 398.844852][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.857709][ T9310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 398.874977][ T9310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 398.887422][ T9310] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 398.919609][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state [ 398.926839][ T5125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 398.934648][ T5134] usb 3-1: Using ep0 maxpacket: 32 [ 398.946632][ T5134] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 398.961969][ T5134] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 398.975433][ T9638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 398.979959][ T9310] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 398.995550][ T5134] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 399.007494][ T5134] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 399.022168][ T9638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.032959][ T9310] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.046063][ T5134] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 399.063542][ T9310] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.077085][ T1801] usb 2-1: string descriptor 0 read error: -71 [ 399.079734][ T5134] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 399.093271][ T9310] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.098520][ T1801] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 399.122964][ T1801] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 399.123415][ T5134] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 399.159608][ T784] bridge0: port 2(bridge_slave_1) entered blocking state [ 399.161766][ T1801] usb 2-1: USB disconnect, device number 14 [ 399.166839][ T784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 399.193561][ T5134] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.204154][ T5134] usb 3-1: Product: syz [ 399.211000][ T5134] usb 3-1: Manufacturer: syz [ 399.215813][ T5134] usb 3-1: SerialNumber: syz [ 399.437055][ T5134] cdc_ncm 3-1:1.0: bind() failure [ 399.461274][ T130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.476947][ T5134] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 399.498689][ T130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.508534][ T5134] cdc_ncm 3-1:1.1: bind() failure [ 399.538193][ T784] usb 1-1: USB disconnect, device number 15 [ 399.558382][ T5134] usb 3-1: USB disconnect, device number 28 [ 399.643961][ T130] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 399.700967][ T130] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 399.974368][ T9684] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1059'. [ 400.163316][ T9412] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 401.044614][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 401.074479][ T9724] qrtr: Invalid version 48 [ 401.193670][ T9412] veth0_vlan: entered promiscuous mode [ 401.206521][ T9724] ip6t_srh: unknown srh match flags 4000 [ 401.235169][ T9412] veth1_vlan: entered promiscuous mode [ 401.312504][ T9412] veth0_macvtap: entered promiscuous mode [ 401.363923][ T9412] veth1_macvtap: entered promiscuous mode [ 401.484724][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 401.524250][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.566226][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 401.613639][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.645055][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 401.671792][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.695479][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 401.707745][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.744479][ T9412] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 401.800607][ T784] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 401.811973][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 401.896784][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.917550][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 401.933429][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 401.959236][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 401.995136][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.008660][ T9412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 402.027812][ T9412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 402.045831][ T784] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 402.089740][ T9412] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 402.097082][ T784] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 402.151392][ T784] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 402.172364][ T9750] netlink: 'syz.1.1067': attribute type 1 has an invalid length. [ 402.184942][ T784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 402.201075][ T784] usb 4-1: SerialNumber: syz [ 402.231716][ T784] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 402.273787][ T784] usb-storage 4-1:1.0: USB Mass Storage device detected [ 402.289489][ T9412] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.300942][ T9412] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.309951][ T9412] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.322182][ T9412] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 402.332994][ T784] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 402.408206][ T5125] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 402.444946][ T9732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 402.489803][ T9732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.503793][ T1801] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 402.572227][ T9772] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1070'. [ 402.615263][ T784] usb 4-1: USB disconnect, device number 23 [ 402.632144][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.645996][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.665411][ T5125] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 402.697963][ T5125] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.723339][ T2464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 402.734052][ T2464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 402.744087][ T1801] usb 3-1: Using ep0 maxpacket: 32 [ 402.750842][ T5125] usb 2-1: config 0 descriptor?? [ 402.777606][ T1801] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 402.807759][ T1801] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 402.828323][ T1801] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 402.859950][ T1801] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 402.882732][ T1801] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 402.901644][ T1801] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 402.925854][ T1801] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 402.958170][ T1801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.980238][ T1801] usb 3-1: Product: syz [ 402.984468][ T1801] usb 3-1: Manufacturer: syz [ 403.002382][ T9750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 403.019981][ T1801] usb 3-1: SerialNumber: syz [ 403.055397][ T9750] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 403.124908][ T5125] usb 2-1: string descriptor 0 read error: -71 [ 403.151923][ T5125] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 403.172650][ T5125] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 403.212696][ T5125] usb 2-1: USB disconnect, device number 15 [ 403.235779][ T1801] cdc_ncm 3-1:1.0: bind() failure [ 403.267010][ T1801] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 403.298312][ T1801] cdc_ncm 3-1:1.1: bind() failure [ 403.350359][ T1801] usb 3-1: USB disconnect, device number 29 [ 404.268296][ T1801] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 404.307347][ T5080] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 404.800228][ T1801] usb 3-1: Using ep0 maxpacket: 8 [ 404.832007][ T1801] usb 3-1: config 0 has an invalid interface number: 125 but max is 3 [ 404.845902][ T1801] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.892000][ T1801] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 404.912197][ T1801] usb 3-1: config 0 has no interface number 0 [ 404.924709][ T1801] usb 3-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 404.958666][ T1801] usb 3-1: config 0 interface 125 has no altsetting 0 [ 404.977500][ T1801] usb 3-1: string descriptor 0 read error: -22 [ 404.988423][ T1801] usb 3-1: Dual-Role OTG device on HNP port [ 404.995749][ T1801] usb 3-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 405.089500][ T1801] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 405.137563][ T1801] usb 3-1: config 0 descriptor?? [ 405.167550][ T1801] hub 3-1:0.125: bad descriptor, ignoring hub [ 405.183509][ T9831] qrtr: Invalid version 48 [ 405.195532][ T1801] hub 3-1:0.125: probe with driver hub failed with error -5 [ 405.213913][ T1801] usb 3-1: Found UVC 15.ff device (17dc:0202) [ 405.224664][ T1801] usb 3-1: No valid video chain found. [ 405.290798][ T9831] ip6t_srh: unknown srh match flags 4000 [ 405.427243][ T9810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.478952][ T9810] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.684447][ T9847] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1081'. [ 406.428444][ T1801] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 406.588141][ T5079] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 406.650323][ T1801] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 406.676493][ T1801] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 406.699517][ T1801] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 406.736779][ T1801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 406.745157][ T1801] usb 5-1: SerialNumber: syz [ 406.754395][ T1801] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 406.768617][ T1801] usb-storage 5-1:1.0: USB Mass Storage device detected [ 406.786475][ T1801] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 406.794483][ T5079] usb 4-1: Using ep0 maxpacket: 32 [ 406.832991][ T5079] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 406.969860][ T5079] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 406.982447][ T9851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.012644][ T9851] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.052881][ T5079] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 407.079692][ T5079] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 407.112453][ T5079] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 407.143233][ T5079] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 407.170040][ T5079] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 407.181660][ T50] usb 5-1: USB disconnect, device number 18 [ 407.199678][ T5079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.234746][ T5079] usb 4-1: Product: syz [ 407.252712][ T5079] usb 4-1: Manufacturer: syz [ 407.272677][ T5079] usb 4-1: SerialNumber: syz [ 407.463777][ T5130] usb 3-1: USB disconnect, device number 30 [ 407.492680][ T9872] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.1086'. [ 407.570310][ T5079] cdc_ncm 4-1:1.0: bind() failure [ 407.635731][ T5079] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 407.678138][ T5079] cdc_ncm 4-1:1.1: bind() failure [ 407.704464][ T5079] usb 4-1: USB disconnect, device number 24 [ 408.525378][ T5080] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 408.944971][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 409.072465][ T9935] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1095'. [ 409.122006][ T9940] qrtr: Invalid version 48 [ 409.170482][ T9940] ip6t_srh: unknown srh match flags 4000 [ 410.229640][ T1801] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 410.421428][ T5079] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 410.478358][ T1801] usb 4-1: Using ep0 maxpacket: 8 [ 410.504972][ T1801] usb 4-1: config 0 has an invalid interface number: 125 but max is 3 [ 410.530939][ T1801] usb 4-1: config 0 has an invalid interface number: 37 but max is 3 [ 410.539784][ T1801] usb 4-1: config 0 has an invalid interface number: 162 but max is 3 [ 410.569559][ T5130] usb 1-1: new full-speed USB device number 16 using dummy_hcd [ 410.585282][ T1801] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 410.605395][ T1801] usb 4-1: config 0 has 3 interfaces, different from the descriptor's value: 4 [ 410.671464][ T1801] usb 4-1: config 0 has no interface number 0 [ 410.691483][ T1801] usb 4-1: config 0 has no interface number 1 [ 410.698618][ T5079] usb 5-1: Using ep0 maxpacket: 32 [ 410.706117][ T1801] usb 4-1: config 0 has no interface number 2 [ 410.722941][ T1801] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 410.734862][ T1801] usb 4-1: config 0 interface 125 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 410.748384][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 410.759554][ T1801] usb 4-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xE, skipping [ 410.771264][ T5130] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 410.771762][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 410.795545][ T1801] usb 4-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xB, skipping [ 410.813235][ T1801] usb 4-1: config 0 interface 37 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 16 [ 410.833902][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 410.843110][ T5130] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 410.854727][ T1801] usb 4-1: config 0 interface 37 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 410.868985][ T5130] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 410.883280][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 410.883285][ T5130] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 410.883315][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 410.929545][ T5130] usb 1-1: SerialNumber: syz [ 410.935741][ T1801] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 410.959964][ T1801] usb 4-1: config 0 interface 125 has no altsetting 0 [ 410.961767][ T5130] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 410.967206][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 410.996894][ T1801] usb 4-1: config 0 interface 37 has no altsetting 0 [ 411.039223][ T1801] usb 4-1: config 0 interface 162 has no altsetting 0 [ 411.042638][ T5130] usb-storage 1-1:1.0: USB Mass Storage device detected [ 411.076497][ T1801] usb 4-1: string descriptor 0 read error: -22 [ 411.084263][ T1801] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 411.094006][ T5079] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 411.103514][ T5079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.112399][ T1801] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.120671][ T5079] usb 5-1: Product: syz [ 411.125361][ T5079] usb 5-1: Manufacturer: syz [ 411.138189][ T5079] usb 5-1: SerialNumber: syz [ 411.184628][ T1801] usb 4-1: config 0 descriptor?? [ 411.185591][ T9950] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.200483][ T1801] hub 4-1:0.125: bad descriptor, ignoring hub [ 411.206675][ T1801] hub 4-1:0.125: probe with driver hub failed with error -5 [ 411.215703][ T1801] usb 4-1: Found UVC 15.ff device (17dc:0202) [ 411.224615][ T1801] usb 4-1: No valid video chain found. [ 411.234605][ T1801] hub 4-1:0.37: bad descriptor, ignoring hub [ 411.243125][ T1801] hub 4-1:0.37: probe with driver hub failed with error -5 [ 411.244359][ T5130] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 411.261762][ T1801] hub 4-1:0.162: bad descriptor, ignoring hub [ 411.282805][ T1801] hub 4-1:0.162: probe with driver hub failed with error -5 [ 411.298485][ T9950] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.380374][ T9954] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1101'. [ 411.419595][ T5079] cdc_ncm 5-1:1.0: bind() failure [ 411.441753][ T5130] usb 1-1: USB disconnect, device number 16 [ 411.451369][ T5079] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 411.459001][ T9948] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.480847][ T5079] cdc_ncm 5-1:1.1: bind() failure [ 411.513014][ T9948] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.564964][ T5079] usb 5-1: USB disconnect, device number 19 [ 411.820272][ T5092] Bluetooth: hci2: command 0x0406 tx timeout [ 412.151553][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 412.621143][T10001] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1109'. [ 412.642726][T10001] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 412.893578][T10014] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1112'. [ 413.320513][ T1801] usb 4-1: USB disconnect, device number 25 [ 413.428339][ T5079] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 413.809086][ T5079] usb 5-1: Using ep0 maxpacket: 32 [ 413.847104][ T5080] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 413.862604][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.983599][ T5079] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 414.058191][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 414.163592][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 414.238502][ T5079] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 414.344489][ T5079] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 414.411166][ T5079] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 414.439246][ T5079] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.495929][ T5079] usb 5-1: Product: syz [ 414.525387][ T5079] usb 5-1: Manufacturer: syz [ 414.544542][ T5079] usb 5-1: SerialNumber: syz [ 414.799012][T10020] netlink: 1688 bytes leftover after parsing attributes in process `syz.4.1116'. [ 414.830724][ T5079] cdc_ncm 5-1:1.0: bind() failure [ 414.884175][ T5079] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 414.898642][ T5079] cdc_ncm 5-1:1.1: bind() failure [ 414.944101][ T5079] usb 5-1: USB disconnect, device number 20 [ 416.232032][T10064] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1126'. [ 416.518260][ T5125] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 416.538307][T10068] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1129'. [ 416.554792][T10068] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 416.628547][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1131'. [ 416.655905][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1131'. [ 416.708238][ T5125] usb 5-1: Using ep0 maxpacket: 8 [ 416.717382][ T5125] usb 5-1: config 0 has an invalid interface number: 125 but max is 3 [ 416.729558][ T5125] usb 5-1: config 0 has an invalid interface number: 37 but max is 3 [ 416.738268][ T5125] usb 5-1: config 0 has an invalid interface number: 162 but max is 3 [ 416.749848][ T5125] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 416.767668][ T5125] usb 5-1: config 0 has 3 interfaces, different from the descriptor's value: 4 [ 416.780509][ T5125] usb 5-1: config 0 has no interface number 0 [ 416.793405][ T5125] usb 5-1: config 0 has no interface number 1 [ 416.808865][ T5125] usb 5-1: config 0 has no interface number 2 [ 416.820184][ T5125] usb 5-1: config 0 interface 125 altsetting 2 endpoint 0x5 has invalid maxpacket 1023, setting to 64 [ 416.833576][ T5125] usb 5-1: config 0 interface 125 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 416.880781][ T5125] usb 5-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xE, skipping [ 416.989827][ T5125] usb 5-1: config 0 interface 37 altsetting 5 has a duplicate endpoint with address 0xB, skipping [ 417.029017][ T5125] usb 5-1: config 0 interface 37 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 16 [ 417.064912][ T5125] usb 5-1: config 0 interface 37 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 417.080423][ T5125] usb 5-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 417.094078][ T5125] usb 5-1: config 0 interface 125 has no altsetting 0 [ 417.136851][ T5125] usb 5-1: config 0 interface 37 has no altsetting 0 [ 417.178472][ T5080] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 417.188738][ T5080] Bluetooth: hci4: Injecting HCI hardware error event [ 417.197224][ T5092] Bluetooth: hci4: hardware error 0x00 [ 417.215425][ T5125] usb 5-1: config 0 interface 162 has no altsetting 0 [ 417.233349][ T5125] usb 5-1: string descriptor 0 read error: -22 [ 417.253329][ T5125] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 417.274510][ T5125] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.302829][ T5125] usb 5-1: config 0 descriptor?? [ 417.322931][ T5125] hub 5-1:0.125: bad descriptor, ignoring hub [ 417.334148][ T5125] hub 5-1:0.125: probe with driver hub failed with error -5 [ 417.356178][ T5125] usb 5-1: Found UVC 15.ff device (17dc:0202) [ 417.381298][ T5125] usb 5-1: No valid video chain found. [ 417.412739][ T5125] hub 5-1:0.37: bad descriptor, ignoring hub [ 417.445593][ T5125] hub 5-1:0.37: probe with driver hub failed with error -5 [ 417.496050][ T5125] hub 5-1:0.162: bad descriptor, ignoring hub [ 417.543450][T10065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.708937][T10065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.717199][ T5125] hub 5-1:0.162: probe with driver hub failed with error -5 [ 418.452730][ T29] audit: type=1326 audit(1720932823.405:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10091 comm="syz.2.1136" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 418.971384][ T5079] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 418.991664][T10109] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1140'. [ 419.110118][T10120] xt_hashlimit: overflow, try lower: 0/0 [ 419.209436][ T5079] usb 1-1: Using ep0 maxpacket: 32 [ 419.227488][ T5079] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.258869][ T5092] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 419.276422][ T5079] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.293403][ T5079] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 419.305090][ T5079] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 419.321513][ T5079] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 419.338761][ T5079] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 419.371230][ T5079] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 419.380698][ T5079] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.390226][ T5079] usb 1-1: Product: syz [ 419.396849][ T5079] usb 1-1: Manufacturer: syz [ 419.403604][ T5079] usb 1-1: SerialNumber: syz [ 419.651354][T10103] netlink: 'syz.0.1137': attribute type 72 has an invalid length. [ 419.739599][ T5079] cdc_ncm 1-1:1.0: bind() failure [ 419.773764][ T5079] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 419.810330][ T5079] cdc_ncm 1-1:1.1: bind() failure [ 419.840021][ T5079] usb 1-1: USB disconnect, device number 17 [ 419.987290][ T5092] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 420.341643][ T5125] usb 5-1: USB disconnect, device number 21 [ 421.248171][ T29] audit: type=1326 audit(1720932826.225:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10142 comm="syz.4.1149" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4041375bd9 code=0x0 [ 421.582055][T10161] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1155'. [ 421.726183][T10167] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1153'. [ 422.240858][T10187] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1159'. [ 422.525868][ T5092] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 422.767782][ T5092] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 422.862061][ T29] audit: type=1326 audit(1720932828.465:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10198 comm="syz.0.1162" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feda2775bd9 code=0x0 [ 424.016811][T10217] fuse: Unknown parameter '' [ 424.046796][T10219] fuse: Unknown parameter '' [ 424.183490][ T5092] Bluetooth: hci1: unexpected subevent 0x0e length: 244 > 15 [ 424.293207][T10225] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1169'. [ 424.508448][ T1801] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 424.748292][ T1801] usb 5-1: Using ep0 maxpacket: 8 [ 424.762349][ T1801] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 424.783012][ T1801] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 424.806286][ T1801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 424.849277][ T1801] usb 5-1: config 0 descriptor?? [ 424.872978][ T1801] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 425.032408][T10245] FAULT_INJECTION: forcing a failure. [ 425.032408][T10245] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 425.052520][T10245] CPU: 1 PID: 10245 Comm: syz.3.1174 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 425.062739][T10245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 425.072787][T10245] Call Trace: [ 425.076053][T10245] [ 425.078973][T10245] dump_stack_lvl+0x241/0x360 [ 425.083651][T10245] ? __pfx_dump_stack_lvl+0x10/0x10 [ 425.088841][T10245] ? __pfx__printk+0x10/0x10 [ 425.093418][T10245] ? __pfx_lock_release+0x10/0x10 [ 425.098437][T10245] should_fail_ex+0x3b0/0x4e0 [ 425.103105][T10245] _copy_from_iter+0x1f6/0x1960 [ 425.107952][T10245] ? __virt_addr_valid+0x183/0x530 [ 425.113083][T10245] ? __pfx_lock_release+0x10/0x10 [ 425.118132][T10245] ? __alloc_skb+0x28f/0x440 [ 425.122736][T10245] ? __pfx__copy_from_iter+0x10/0x10 [ 425.128041][T10245] ? __virt_addr_valid+0x183/0x530 [ 425.133184][T10245] ? __virt_addr_valid+0x183/0x530 [ 425.138294][T10245] ? __virt_addr_valid+0x45f/0x530 [ 425.143422][T10245] ? __check_object_size+0x49c/0x900 [ 425.148726][T10245] netlink_sendmsg+0x743/0xcb0 [ 425.153552][T10245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 425.158882][T10245] ? __import_iovec+0x536/0x820 [ 425.163753][T10245] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 425.169059][T10245] ? security_socket_sendmsg+0x87/0xb0 [ 425.174520][T10245] ? __pfx_netlink_sendmsg+0x10/0x10 [ 425.179815][T10245] __sock_sendmsg+0x221/0x270 [ 425.184694][T10245] ____sys_sendmsg+0x525/0x7d0 [ 425.189458][T10245] ? __pfx_____sys_sendmsg+0x10/0x10 [ 425.194832][T10245] __sys_sendmsg+0x2b0/0x3a0 [ 425.199417][T10245] ? __pfx___sys_sendmsg+0x10/0x10 [ 425.204517][T10245] ? vfs_write+0x7c4/0xc90 [ 425.208959][T10245] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 425.215279][T10245] ? do_syscall_64+0x100/0x230 [ 425.220078][T10245] ? do_syscall_64+0xb6/0x230 [ 425.224787][T10245] do_syscall_64+0xf3/0x230 [ 425.229301][T10245] ? clear_bhb_loop+0x35/0x90 [ 425.233978][T10245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 425.239890][T10245] RIP: 0033:0x7f250f375bd9 [ 425.244313][T10245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 425.264011][T10245] RSP: 002b:00007f251018b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 425.272425][T10245] RAX: ffffffffffffffda RBX: 00007f250f503f60 RCX: 00007f250f375bd9 [ 425.280389][T10245] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000008 [ 425.288353][T10245] RBP: 00007f251018b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 425.296312][T10245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 425.304268][T10245] R13: 000000000000000b R14: 00007f250f503f60 R15: 00007ffee6b4e5b8 [ 425.312248][T10245] [ 425.573843][ T1801] gspca_vc032x: reg_r err -71 [ 426.115273][ T1801] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 426.118562][ T29] audit: type=1326 audit(1720932831.275:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10246 comm="syz.2.1175" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 426.126349][ T1801] usb 5-1: USB disconnect, device number 22 [ 426.554992][ T5092] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 426.571621][ T5092] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 426.791771][T10273] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1182'. [ 427.148813][ T5092] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 427.315703][ T5130] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 428.001060][ T29] audit: type=1326 audit(1720932833.195:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10297 comm="syz.1.1188" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0 [ 428.236024][ T5130] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 428.303843][ T5130] usb 5-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 428.326494][ T5130] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 428.356223][ T5130] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 428.398305][ T5130] usb 5-1: SerialNumber: syz [ 428.418575][ T5130] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 428.434181][T10322] 9pnet_virtio: no channels available for device syz [ 428.452597][ T5130] usb-storage 5-1:1.0: USB Mass Storage device detected [ 428.504853][ T5130] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 428.650215][ T50] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 428.736769][T10278] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.759680][T10278] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.828528][ T5092] Bluetooth: hci2: unexpected event for opcode 0x203d [ 428.860319][ T50] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 428.980536][ T50] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 429.012287][ T50] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 429.034805][ T50] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 429.038732][ T5130] usb 5-1: USB disconnect, device number 23 [ 429.207112][ T50] usb 1-1: SerialNumber: syz [ 429.233613][ T50] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 429.988892][T10306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 430.000473][ T50] usb-storage 1-1:1.0: USB Mass Storage device detected [ 430.025556][T10306] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 430.104767][ T5092] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 430.107350][ T50] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 430.207668][ T50] usb 1-1: USB disconnect, device number 18 [ 431.885251][ T5092] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 431.971631][ T5797] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 431.990363][ T5797] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.226047][ T5092] Bluetooth: hci1: unexpected event 0x09 length: 8 > 3 [ 432.252737][ T5797] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 432.289082][ T5797] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 432.303396][ T5080] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 432.311884][ T5076] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 432.316337][ T5080] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 432.338381][ T5080] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 432.350359][ T5080] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 432.358500][ T5080] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 432.365959][ T5080] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 432.749829][ T5797] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 433.539918][ T5080] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 433.548691][ T5080] Bluetooth: hci2: Injecting HCI hardware error event [ 433.557422][ T5080] Bluetooth: hci2: hardware error 0x00 [ 433.567043][ T29] audit: type=1326 audit(1720932838.445:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10370 comm="syz.2.1204" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 433.598332][ T5797] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 433.679408][T10374] 9pnet_virtio: no channels available for device syz [ 433.944512][ T5797] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 433.977893][ T5797] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 434.035941][T10386] FAULT_INJECTION: forcing a failure. [ 434.035941][T10386] name failslab, interval 1, probability 0, space 0, times 0 [ 434.093709][T10387] FAULT_INJECTION: forcing a failure. [ 434.093709][T10387] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 434.094921][T10386] CPU: 1 PID: 10386 Comm: syz.3.1208 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 434.118231][T10386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 434.128294][T10386] Call Trace: [ 434.132095][T10386] [ 434.135020][T10386] dump_stack_lvl+0x241/0x360 [ 434.139696][T10386] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.144904][T10386] ? __pfx__printk+0x10/0x10 [ 434.149519][T10386] should_fail_ex+0x3b0/0x4e0 [ 434.154225][T10386] ? __alloc_skb+0x1c3/0x440 [ 434.158823][T10386] should_failslab+0x9/0x20 [ 434.163324][T10386] kmem_cache_alloc_node_noprof+0x71/0x320 [ 434.169123][T10386] __alloc_skb+0x1c3/0x440 [ 434.173531][T10386] ? __pfx___alloc_skb+0x10/0x10 [ 434.178457][T10386] ? netlink_ack_tlv_len+0x6e/0x200 [ 434.183647][T10386] netlink_ack+0x13f/0xa30 [ 434.188061][T10386] ? __pfx_lock_acquire+0x10/0x10 [ 434.193090][T10386] ? __pfx_nl80211_set_tx_bitrate_mask+0x10/0x10 [ 434.199404][T10386] ? __pfx_nl80211_post_doit+0x10/0x10 [ 434.204883][T10386] netlink_rcv_skb+0x262/0x430 [ 434.209668][T10386] ? __pfx_genl_rcv_msg+0x10/0x10 [ 434.214705][T10386] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 434.219998][T10386] ? __netlink_deliver_tap+0x77e/0x7c0 [ 434.225455][T10386] genl_rcv+0x28/0x40 [ 434.229421][T10386] netlink_unicast+0x7ea/0x980 [ 434.234178][T10386] ? __pfx_netlink_unicast+0x10/0x10 [ 434.239449][T10386] ? __virt_addr_valid+0x183/0x530 [ 434.244552][T10386] ? __check_object_size+0x49c/0x900 [ 434.249835][T10386] ? bpf_lsm_netlink_send+0x9/0x10 [ 434.254936][T10386] netlink_sendmsg+0x8db/0xcb0 [ 434.259716][T10386] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.264999][T10386] ? __import_iovec+0x536/0x820 [ 434.269836][T10386] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 434.275105][T10386] ? security_socket_sendmsg+0x87/0xb0 [ 434.280557][T10386] ? __pfx_netlink_sendmsg+0x10/0x10 [ 434.285827][T10386] __sock_sendmsg+0x221/0x270 [ 434.290495][T10386] ____sys_sendmsg+0x525/0x7d0 [ 434.295249][T10386] ? __pfx_____sys_sendmsg+0x10/0x10 [ 434.300534][T10386] __sys_sendmsg+0x2b0/0x3a0 [ 434.305115][T10386] ? __pfx___sys_sendmsg+0x10/0x10 [ 434.310214][T10386] ? vfs_write+0x7c4/0xc90 [ 434.314644][T10386] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 434.320971][T10386] ? do_syscall_64+0x100/0x230 [ 434.325744][T10386] ? do_syscall_64+0xb6/0x230 [ 434.330412][T10386] do_syscall_64+0xf3/0x230 [ 434.334898][T10386] ? clear_bhb_loop+0x35/0x90 [ 434.339559][T10386] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.345465][T10386] RIP: 0033:0x7f250f375bd9 [ 434.349867][T10386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.369464][T10386] RSP: 002b:00007f251018b048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 434.377861][T10386] RAX: ffffffffffffffda RBX: 00007f250f503f60 RCX: 00007f250f375bd9 [ 434.385816][T10386] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004 [ 434.393774][T10386] RBP: 00007f251018b0a0 R08: 0000000000000000 R09: 0000000000000000 [ 434.401763][T10386] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.409723][T10386] R13: 000000000000000b R14: 00007f250f503f60 R15: 00007ffee6b4e5b8 [ 434.417695][T10386] [ 434.422880][T10387] CPU: 1 PID: 10387 Comm: syz.1.1207 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 434.433069][T10387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 434.443119][T10387] Call Trace: [ 434.446383][T10387] [ 434.449301][T10387] dump_stack_lvl+0x241/0x360 [ 434.453985][T10387] ? __pfx_dump_stack_lvl+0x10/0x10 [ 434.459169][T10387] ? __pfx__printk+0x10/0x10 [ 434.463833][T10387] ? __pfx_lock_release+0x10/0x10 [ 434.468843][T10387] ? do_raw_spin_lock+0x14f/0x370 [ 434.473887][T10387] should_fail_ex+0x3b0/0x4e0 [ 434.478398][ T5092] Bluetooth: hci4: command tx timeout [ 434.478565][T10387] _copy_to_user+0x2f/0xb0 [ 434.478593][T10387] binder_ioctl_write_read+0x81e5/0x8d60 [ 434.494209][T10387] ? stack_trace_save+0x118/0x1d0 [ 434.499235][T10387] ? stack_depot_save_flags+0x29/0x830 [ 434.504693][T10387] ? __pfx_binder_ioctl_write_read+0x10/0x10 [ 434.510660][T10387] ? __lock_acquire+0x1346/0x1fd0 [ 434.515693][T10387] ? binder_get_thread+0x574/0x6c0 [ 434.520788][T10387] ? __pfx_lock_release+0x10/0x10 [ 434.525892][T10387] ? do_raw_spin_unlock+0x13c/0x8b0 [ 434.531086][T10387] ? _raw_spin_unlock+0x28/0x50 [ 434.535919][T10387] ? binder_get_thread+0x593/0x6c0 [ 434.541018][T10387] binder_ioctl+0x43d/0x1c70 [ 434.545596][T10387] ? tomoyo_path_number_perm+0x71a/0x880 [ 434.551221][T10387] ? tomoyo_path_number_perm+0x208/0x880 [ 434.556928][T10387] ? smack_log+0x123/0x540 [ 434.561417][T10387] ? __pfx_binder_ioctl+0x10/0x10 [ 434.566427][T10387] ? __pfx_smack_log+0x10/0x10 [ 434.571176][T10387] ? smk_access+0x4ab/0x4e0 [ 434.575685][T10387] ? smk_tskacc+0x300/0x370 [ 434.580199][T10387] ? smack_file_ioctl+0x2fa/0x3a0 [ 434.585217][T10387] ? __pfx_smack_file_ioctl+0x10/0x10 [ 434.590593][T10387] ? __fget_files+0x3f6/0x470 [ 434.595255][T10387] ? __fget_files+0x29/0x470 [ 434.599832][T10387] ? bpf_lsm_file_ioctl+0x9/0x10 [ 434.604754][T10387] ? security_file_ioctl+0x87/0xb0 [ 434.609863][T10387] ? __pfx_binder_ioctl+0x10/0x10 [ 434.614897][T10387] __se_sys_ioctl+0xfc/0x170 [ 434.619477][T10387] do_syscall_64+0xf3/0x230 [ 434.623963][T10387] ? clear_bhb_loop+0x35/0x90 [ 434.628630][T10387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.634530][T10387] RIP: 0033:0x7f73e2b75bd9 [ 434.638929][T10387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.658516][T10387] RSP: 002b:00007f73e3934048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 434.666931][T10387] RAX: ffffffffffffffda RBX: 00007f73e2d04038 RCX: 00007f73e2b75bd9 [ 434.674935][T10387] RDX: 0000000020000640 RSI: 00000000c0306201 RDI: 0000000000000006 [ 434.682926][T10387] RBP: 00007f73e39340a0 R08: 0000000000000000 R09: 0000000000000000 [ 434.690908][T10387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.698888][T10387] R13: 000000000000006e R14: 00007f73e2d04038 R15: 00007ffc8d25dbc8 [ 434.706870][T10387] [ 434.715462][T10387] binder: 10382:10387 ioctl c0306201 20000640 returned -14 [ 435.128418][ T5092] Bluetooth: hci2: unexpected event for opcode 0x003d [ 435.226976][T10402] x_tables: duplicate underflow at hook 1 [ 435.352284][ T5797] bridge_slave_1: left allmulticast mode [ 435.410203][ T5797] bridge_slave_1: left promiscuous mode [ 435.441690][ T5797] bridge0: port 2(bridge_slave_1) entered disabled state [ 435.500515][ T5797] bridge_slave_0: left allmulticast mode [ 435.524404][ T5797] bridge_slave_0: left promiscuous mode [ 435.565866][ T5797] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.658184][ T5080] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 436.539342][ T5080] Bluetooth: hci4: command tx timeout [ 436.748675][ T5797] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 436.766596][ T5797] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 436.797776][ T5797] bond0 (unregistering): Released all slaves [ 436.841406][T10364] chnl_net:caif_netlink_parms(): no params data found [ 436.905687][T10414] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1214'. [ 436.919936][T10414] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 437.585059][ T5797] hsr_slave_0: left promiscuous mode [ 437.885315][ T5797] hsr_slave_1: left promiscuous mode [ 438.696844][ T5080] Bluetooth: hci4: command tx timeout [ 438.708088][ T29] audit: type=1326 audit(1720932843.575:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10432 comm="syz.1.1215" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0 [ 438.759304][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.786952][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.794496][ T5080] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 438.829056][ T5797] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 439.597204][ T5080] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 439.606843][ T5080] Bluetooth: hci3: Injecting HCI hardware error event [ 439.615804][ T5080] Bluetooth: hci3: hardware error 0x00 [ 439.661154][ T5797] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 439.773867][ T5797] veth1_macvtap: left promiscuous mode [ 439.829569][ T5797] veth0_macvtap: left promiscuous mode [ 439.835293][ T5797] veth1_vlan: left promiscuous mode [ 439.885281][ T5797] veth0_vlan: left promiscuous mode [ 440.088684][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.095047][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.778269][ T5092] Bluetooth: hci4: command tx timeout [ 441.257840][ T5092] Bluetooth: hci3: unexpected event for opcode 0x203d [ 441.290720][ T5797] team0 (unregistering): Port device team_slave_1 removed [ 441.393228][ T5797] team0 (unregistering): Port device team_slave_0 removed [ 441.834889][ T5080] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 442.474633][T10364] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.488939][T10364] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.505835][T10364] bridge_slave_0: entered allmulticast mode [ 442.528678][T10364] bridge_slave_0: entered promiscuous mode [ 442.556601][T10364] bridge0: port 2(bridge_slave_1) entered blocking state [ 442.572870][T10364] bridge0: port 2(bridge_slave_1) entered disabled state [ 442.587499][T10364] bridge_slave_1: entered allmulticast mode [ 442.604109][T10364] bridge_slave_1: entered promiscuous mode [ 443.028076][ T29] audit: type=1326 audit(1720932848.625:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10497 comm="syz.4.1227" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4041375bd9 code=0x0 [ 443.750724][ T5080] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 443.955216][T10364] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 444.012324][T10364] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.424534][T10510] 9pnet_virtio: no channels available for device syz [ 447.327911][T10364] team0: Port device team_slave_0 added [ 447.522211][T10364] team0: Port device team_slave_1 added [ 447.756960][T10364] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 447.918157][T10364] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.141085][T10364] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.177917][T10364] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.196084][T10364] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.226614][T10364] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 448.479095][ T5126] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 448.678176][ T5126] usb 4-1: Using ep0 maxpacket: 8 [ 448.688309][ T5126] usb 4-1: config 0 has an invalid interface number: 125 but max is 3 [ 448.696561][ T5126] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 448.714070][ T5126] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 448.723067][ T5126] usb 4-1: config 0 has no interface number 0 [ 448.729450][ T5126] usb 4-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 448.775397][ T5126] usb 4-1: config 0 interface 125 has no altsetting 0 [ 448.811334][ T5126] usb 4-1: string descriptor 0 read error: -22 [ 448.817852][ T5126] usb 4-1: Dual-Role OTG device on HNP port [ 448.825355][ T5126] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 448.845702][ T5126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.865372][ T5126] usb 4-1: config 0 descriptor?? [ 448.876386][T10364] hsr_slave_0: entered promiscuous mode [ 448.885216][ T5126] hub 4-1:0.125: bad descriptor, ignoring hub [ 448.893372][T10538] 9pnet_virtio: no channels available for device syz [ 448.901111][ T5126] hub 4-1:0.125: probe with driver hub failed with error -5 [ 448.909450][T10364] hsr_slave_1: entered promiscuous mode [ 448.919639][ T5126] usb 4-1: Found UVC 15.ff device (17dc:0202) [ 448.939310][T10364] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 448.956561][ T5126] usb 4-1: No valid video chain found. [ 448.978538][T10364] Cannot create hsr debugfs directory [ 449.160418][T10531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.208414][T10531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.457107][T10364] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 450.484384][T10364] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 450.510502][T10364] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 450.542752][T10364] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 450.552670][T10565] 9pnet_fd: Insufficient options for proto=fd [ 450.851683][T10364] 8021q: adding VLAN 0 to HW filter on device bond0 [ 450.935175][T10364] 8021q: adding VLAN 0 to HW filter on device team0 [ 450.957828][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state [ 450.957911][ T5125] bridge0: port 1(bridge_slave_0) entered forwarding state [ 450.971082][ T5125] bridge0: port 2(bridge_slave_1) entered blocking state [ 450.971150][ T5125] bridge0: port 2(bridge_slave_1) entered forwarding state [ 451.248426][ T25] usb 4-1: USB disconnect, device number 26 [ 451.803421][T10364] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 452.234491][T10364] veth0_vlan: entered promiscuous mode [ 452.367683][T10364] veth1_vlan: entered promiscuous mode [ 453.028154][ T5125] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 453.201732][T10364] veth0_macvtap: entered promiscuous mode [ 453.233015][ T5125] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 453.258871][ T5080] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 453.268455][ T5080] Bluetooth: hci1: Injecting HCI hardware error event [ 453.278722][ T5080] Bluetooth: hci1: hardware error 0x00 [ 453.368498][T10364] veth1_macvtap: entered promiscuous mode [ 453.396178][ T5125] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 453.460440][ T5125] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 453.485867][ T5125] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 453.559012][ T5125] usb 4-1: SerialNumber: syz [ 453.580098][ T5125] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 453.597186][ T5125] usb-storage 4-1:1.0: USB Mass Storage device detected [ 453.627843][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.652741][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.793416][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.812001][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.827513][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 453.855464][ T5125] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 453.872772][T10583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 453.935930][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 453.946248][T10583] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 453.974673][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 454.088077][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.129752][T10364] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 454.198788][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.242792][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.276946][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.315069][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.340929][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.538930][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.599346][T10364] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 454.629072][T10364] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 454.636476][ T25] usb 4-1: USB disconnect, device number 27 [ 454.647482][T10364] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 454.767334][T10364] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.958177][T10364] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 454.969486][T10364] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.025444][T10364] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 455.338493][ T5080] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 455.539730][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.568186][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.641604][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 455.682910][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 455.708799][ T25] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 455.788194][ T5125] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 455.938387][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 455.952187][ T25] usb 5-1: config 0 has an invalid interface number: 125 but max is 3 [ 455.977380][ T25] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.990052][ T5125] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 456.014985][ T25] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 456.031749][ T5125] usb 2-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.40 [ 456.050769][ T5125] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.070902][ T25] usb 5-1: config 0 has no interface number 0 [ 456.073030][ T5125] usb 2-1: Product: syz [ 456.077044][ T25] usb 5-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 456.093371][ T5125] usb 2-1: Manufacturer: syz [ 456.098094][ T5126] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 456.118558][ T5125] usb 2-1: SerialNumber: syz [ 456.141370][ T5125] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 456.186348][ T25] usb 5-1: config 0 interface 125 has no altsetting 0 [ 456.211405][ T25] usb 5-1: string descriptor 0 read error: -22 [ 456.231058][ T25] usb 5-1: Dual-Role OTG device on HNP port [ 456.256929][ T25] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 456.297164][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.342640][ T5125] usb 2-1: USB disconnect, device number 16 [ 456.343965][ T5126] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 456.381513][ T25] usb 5-1: config 0 descriptor?? [ 456.445141][ T25] hub 5-1:0.125: bad descriptor, ignoring hub [ 456.456179][ T5126] usb 4-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 456.489903][ T25] hub 5-1:0.125: probe with driver hub failed with error -5 [ 456.519833][ T25] usb 5-1: Found UVC 15.ff device (17dc:0202) [ 456.532272][ T5126] usb 4-1: config 1 interface 0 has no altsetting 0 [ 456.583851][ T25] usb 5-1: No valid video chain found. [ 456.594921][ T5126] usb 4-1: config 1 interface 0 has no altsetting 1 [ 456.632559][ T5126] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 456.664045][ T5126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.686559][ T5126] usb 4-1: Product: syz [ 456.694173][T10658] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 456.706215][ T5126] usb 4-1: Manufacturer: syz [ 456.718498][T10658] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 456.735331][ T5126] usb 4-1: SerialNumber: syz [ 457.712623][ T29] audit: type=1326 audit(1720932862.645:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10684 comm="syz.2.1254" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 460.773068][ T5126] cdc_ether 4-1:1.0: skipping garbage [ 460.863824][ T5126] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 460.945846][ T5126] usb 4-1: USB disconnect, device number 28 [ 460.998584][ T1801] usb 5-1: USB disconnect, device number 24 [ 461.247806][T10719] 9pnet_virtio: no channels available for device syz [ 461.602522][T10724] 9pnet_virtio: no channels available for device syz [ 462.294727][ T25] IPVS: starting estimator thread 0... [ 462.408139][ T1801] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 462.429710][T10741] IPVS: using max 22 ests per chain, 52800 per kthread [ 462.584057][T10747] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1270'. [ 462.614322][ T1801] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 462.628816][ T1801] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 462.640829][ T1801] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 462.658377][ T1801] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.706476][ T1801] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 462.739822][ T1801] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 462.757559][ T1801] usb 2-1: Product: syz [ 462.775000][ T1801] usb 2-1: Manufacturer: syz [ 462.794725][ T1801] cdc_wdm 2-1:1.0: skipping garbage [ 462.808805][ T1801] cdc_wdm 2-1:1.0: skipping garbage [ 462.833683][ T1801] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 462.841196][ T1801] cdc_wdm 2-1:1.0: Unknown control protocol [ 463.307236][T10757] syz.3.1274: attempt to access beyond end of device [ 463.307236][T10757] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 463.327502][T10757] EXT4-fs (loop3): unable to read superblock [ 463.951204][T10776] tipc: Started in network mode [ 463.956222][T10776] tipc: Node identity f7, cluster identity 4711 [ 463.997111][T10776] tipc: Node number set to 247 [ 464.859930][T10791] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1287'. [ 464.995994][T10793] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1289'. [ 465.031108][ T5172] usb 2-1: USB disconnect, device number 17 [ 465.221082][T10793] Êü: entered promiscuous mode [ 465.762763][ T1801] IPVS: starting estimator thread 0... [ 465.823970][T10821] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1299'. [ 465.878207][T10817] IPVS: using max 26 ests per chain, 62400 per kthread [ 466.257166][T10835] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1306'. [ 467.571738][T10872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1318'. [ 467.927601][T10880] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'. [ 468.648882][ T25] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 468.832035][T10896] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1327'. [ 468.878158][ T25] usb 5-1: config 0 has no interfaces? [ 468.906734][ T25] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 468.966103][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 469.004357][ T25] usb 5-1: Product: syz [ 469.032414][ T25] usb 5-1: Manufacturer: syz [ 469.037748][ T25] usb 5-1: SerialNumber: syz [ 469.079111][ T25] usb 5-1: config 0 descriptor?? [ 469.099958][T10904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1330'. [ 469.335362][T10915] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1333'. [ 469.419972][ T5125] usb 5-1: USB disconnect, device number 25 [ 469.797580][T10931] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1340'. [ 469.929301][T10937] netlink: 'syz.3.1342': attribute type 9 has an invalid length. [ 470.070511][T10938] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1343'. [ 470.402275][T10958] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1353'. [ 470.583285][T10972] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1354'. [ 471.028307][ T1801] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 471.320300][ T1801] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.320339][ T1801] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 471.320379][ T1801] usb 1-1: New USB device found, idVendor=17ef, idProduct=6067, bcdDevice= 0.00 [ 471.320403][ T1801] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.343435][ T1801] usb 1-1: config 0 descriptor?? [ 471.608096][ T1801] usbhid 1-1:0.0: can't add hid device: -71 [ 471.648887][ T1801] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 471.670748][T10999] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1366'. [ 471.688806][ T1801] usb 1-1: USB disconnect, device number 19 [ 471.701601][T11001] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1365'. [ 473.268025][T11028] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 473.296426][ T1801] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 473.518161][ T1801] usb 1-1: Using ep0 maxpacket: 8 [ 473.545679][ T1801] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 473.589371][ T1801] usb 1-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 473.640766][ T1801] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 473.673673][ T1801] usb 1-1: config 0 descriptor?? [ 473.699563][ T1801] usb 1-1: Found UVC 0.00 device (05ac:8501) [ 473.717362][T11044] netlink: 'syz.2.1380': attribute type 12 has an invalid length. [ 473.725475][ T1801] usb 1-1: No valid video chain found. [ 473.778451][T11044] netlink: 'syz.2.1380': attribute type 11 has an invalid length. [ 473.807850][T11044] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.1380'. [ 474.188361][ T5172] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 474.309638][T11064] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1384'. [ 474.438271][ T5172] usb 3-1: Using ep0 maxpacket: 16 [ 474.454306][ T5172] usb 3-1: config 0 has an invalid descriptor of length 56, skipping remainder of the config [ 474.487386][ T5172] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 474.519440][ T5172] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 474.564045][ T5172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.607848][ T5172] usb 3-1: config 0 descriptor?? [ 474.633620][ T5172] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 474.934192][T11044] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1380'. [ 475.311552][T11051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 475.341942][T11051] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 475.414697][ T1801] usb 1-1: USB disconnect, device number 20 [ 475.836561][T11119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'. [ 476.874924][ T1801] usb 3-1: USB disconnect, device number 31 [ 477.691980][T11179] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 478.325801][ T29] audit: type=1326 audit(1720932883.315:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11167 comm="syz.3.1425" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f250f375bd9 code=0x0 [ 478.531554][T11182] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 478.538251][ T5080] Bluetooth: hci0: unexpected event for opcode 0x0c22 [ 478.538578][T11182] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 478.568160][T11182] vhci_hcd vhci_hcd.0: Device attached [ 478.754121][T11188] vhci_hcd: connection closed [ 478.764532][ T12] vhci_hcd: stop threads [ 478.796099][ T12] vhci_hcd: release socket [ 478.814811][ T12] vhci_hcd: disconnect device [ 478.828241][ T9] usb 11-1: new low-speed USB device number 2 using vhci_hcd [ 478.838057][ T9] usb 11-1: enqueue for inactive port 0 [ 478.851819][T11197] tipc: Failed to obtain node identity [ 478.857681][T11197] tipc: Enabling of bearer rejected, failed to enable media [ 478.928676][ T9] vhci_hcd: vhci_device speed not set [ 480.720530][T11256] netlink: 'syz.4.1449': attribute type 21 has an invalid length. [ 480.738258][ T9] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 480.893504][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1454'. [ 480.958521][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 480.981107][ T9] usb 4-1: config 0 has an invalid interface number: 125 but max is 3 [ 481.040175][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 481.071400][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 481.096031][ T9] usb 4-1: config 0 has no interface number 0 [ 481.105944][ T9] usb 4-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 481.202856][ T9] usb 4-1: config 0 interface 125 has no altsetting 0 [ 481.216207][ T9] usb 4-1: string descriptor 0 read error: -22 [ 481.240728][ T9] usb 4-1: Dual-Role OTG device on HNP port [ 481.265251][ T9] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 481.308046][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.357824][ T9] usb 4-1: config 0 descriptor?? [ 481.369280][ T9] hub 4-1:0.125: bad descriptor, ignoring hub [ 481.375986][ T9] hub 4-1:0.125: probe with driver hub failed with error -5 [ 481.536315][ T9] usb 4-1: Found UVC 15.ff device (17dc:0202) [ 481.568311][ T9] usb 4-1: No valid video chain found. [ 482.465140][T11243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.500266][T11243] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.848441][ T5172] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 482.880857][T11299] syz_tun: entered promiscuous mode [ 482.895909][T11299] syz_tun: left promiscuous mode [ 483.036225][T11302] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1467'. [ 483.062852][ T5172] usb 3-1: Using ep0 maxpacket: 32 [ 483.092010][ T5172] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.109312][ T5172] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.140908][ T5172] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 483.161034][ T5172] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 483.201666][ T5172] usb 3-1: Product: syz [ 483.220511][ T5172] usb 3-1: Manufacturer: syz [ 483.234946][ T5172] hub 3-1:4.0: USB hub found [ 483.698728][ T5172] hub 3-1:4.0: config failed, can't read hub descriptor (err -22) [ 483.788458][ T5172] usb 3-1: USB disconnect, device number 32 [ 483.966683][T11323] netlink: 'syz.1.1472': attribute type 21 has an invalid length. [ 484.018144][ T25] usb 5-1: new low-speed USB device number 26 using dummy_hcd [ 484.210098][ T25] usb 5-1: config index 0 descriptor too short (expected 1307, got 27) [ 484.230920][ T25] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 484.264408][ T25] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 484.286533][ T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 484.306922][ T25] usb 5-1: string descriptor 0 read error: -22 [ 484.319379][ T25] usb 5-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 484.366012][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.401470][ T5172] usb 4-1: USB disconnect, device number 29 [ 484.414505][ T25] usb 5-1: config 0 descriptor?? [ 484.918320][ T5080] Bluetooth: hci0: command 0x206a tx timeout [ 484.931028][T11319] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 485.082015][ T5092] Bluetooth: hci0: Opcode 0x206a failed: -110 [ 485.094069][ T25] hub 5-1:0.0: bad descriptor, ignoring hub [ 485.102246][ T25] hub 5-1:0.0: probe with driver hub failed with error -5 [ 485.215288][T11338] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 485.248910][ T25] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input12 [ 485.360244][ C0] usb_acecad 5-1:0.0: can't resubmit intr, dummy_hcd.4-1/input0, status -1 [ 485.398901][ T5126] usb 5-1: USB disconnect, device number 26 [ 485.900573][T11365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1487'. [ 485.921253][T11365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.962703][T11411] IPVS: sync thread started: state = MASTER, mcast_ifn = bond0, syncid = 0, id = 0 [ 487.973407][T11406] IPVS: stopping master sync thread 11411 ... [ 488.009637][T11405] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 488.178719][ T5126] usb 2-1: new low-speed USB device number 18 using dummy_hcd [ 488.346353][T11424] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1508'. [ 488.389967][ T5126] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 488.423642][ T5126] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 488.448161][ T5126] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 488.457240][ T5126] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 is Bulk; changing to Interrupt [ 488.481246][ T5126] usb 2-1: string descriptor 0 read error: -22 [ 488.494075][ T5126] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de [ 488.515101][ T5126] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.536575][ T5126] usb 2-1: config 0 descriptor?? [ 488.549032][T11408] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 488.574431][ T5126] hub 2-1:0.0: bad descriptor, ignoring hub [ 488.597468][ T5126] hub 2-1:0.0: probe with driver hub failed with error -5 [ 488.633945][ T5126] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input13 [ 488.875483][ T5126] usb 2-1: USB disconnect, device number 18 [ 490.158521][T11482] netlink: 'syz.1.1526': attribute type 21 has an invalid length. [ 490.298371][ T5126] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 490.508198][ T5126] usb 4-1: Using ep0 maxpacket: 8 [ 490.527514][ T5126] usb 4-1: config 0 has an invalid interface number: 125 but max is 3 [ 490.558478][ T5126] usb 4-1: config 0 has an invalid interface number: 162 but max is 3 [ 490.592527][ T5126] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 490.627738][ T5126] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 4 [ 490.647157][ T5126] usb 4-1: config 0 has no interface number 0 [ 490.696693][ T5126] usb 4-1: config 0 has no interface number 1 [ 490.738403][ T5126] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 490.765489][ T5126] usb 4-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 490.898409][ T5126] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 490.931992][ T5126] usb 4-1: config 0 interface 125 has no altsetting 0 [ 490.940433][ T5126] usb 4-1: config 0 interface 162 has no altsetting 0 [ 490.950235][ T5126] usb 4-1: string descriptor 0 read error: -22 [ 490.978485][ T5126] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 491.002297][ T5126] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.029328][ T5126] usb 4-1: config 0 descriptor?? [ 491.046266][ T5126] hub 4-1:0.125: bad descriptor, ignoring hub [ 491.065067][ T5126] hub 4-1:0.125: probe with driver hub failed with error -5 [ 491.099437][ T5126] usb 4-1: Found UVC 15.ff device (17dc:0202) [ 491.123280][ T5126] usb 4-1: No valid video chain found. [ 491.159138][ T5126] hub 4-1:0.162: bad descriptor, ignoring hub [ 491.173734][ T5126] hub 4-1:0.162: probe with driver hub failed with error -5 [ 491.286390][T11480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.307789][T11501] 9pnet_virtio: no channels available for device syz [ 491.315281][T11480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.673265][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 491.857444][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 491.927307][ T784] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 491.951494][ T784] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 491.969409][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 491.979538][ T130] wlan1: authenticated [ 491.990375][ T1037] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 492.056992][ T1037] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 492.067823][T11511] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 492.089475][ T1037] wlan1: associated [ 493.112643][T11533] netlink: 'syz.4.1546': attribute type 6 has an invalid length. [ 493.192333][T11533] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1546'. [ 493.212528][ T5172] usb 4-1: USB disconnect, device number 30 [ 493.256398][T11543] 9pnet_virtio: no channels available for device syz [ 494.893850][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.246078][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.333208][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 495.438142][T11563] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 496.151026][T11590] block nbd4: shutting down sockets [ 501.512541][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.518901][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.568726][ T1801] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 501.939963][ T1801] usb 4-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 501.957122][ T1801] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.217697][ T1801] usb 4-1: config 0 descriptor?? [ 502.455894][T11620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 502.568775][T11620] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 503.538335][ T1801] usb 4-1: string descriptor 0 read error: -71 [ 503.647701][ T1801] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 503.689080][ T1801] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 503.782033][ T1801] usb 4-1: USB disconnect, device number 31 [ 505.519373][T11682] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1589'. [ 507.593579][T11698] syz_tun: entered promiscuous mode [ 507.624413][T11698] syz_tun: left promiscuous mode [ 507.680788][T11713] block nbd1: shutting down sockets [ 508.178831][ T5172] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 509.239845][ T5172] usb 1-1: Using ep0 maxpacket: 8 [ 509.251356][ T5172] usb 1-1: config 0 has an invalid interface number: 125 but max is 3 [ 509.266560][ T5172] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 509.292009][T11728] 9pnet_fd: Insufficient options for proto=fd [ 509.319072][ T5172] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 509.349982][ T5172] usb 1-1: config 0 has no interface number 0 [ 509.356125][ T5172] usb 1-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 509.392419][ T5172] usb 1-1: config 0 interface 125 has no altsetting 0 [ 509.396226][ T5172] usb 1-1: string descriptor 0 read error: -22 [ 509.399619][ T5172] usb 1-1: Dual-Role OTG device on HNP port [ 509.418120][ T5172] usb 1-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 509.418157][ T5172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 509.421102][ T5172] usb 1-1: config 0 descriptor?? [ 509.422646][ T5172] hub 1-1:0.125: bad descriptor, ignoring hub [ 509.422666][ T5172] hub 1-1:0.125: probe with driver hub failed with error -5 [ 509.423716][ T5172] usb 1-1: Found UVC 15.ff device (17dc:0202) [ 509.423736][ T5172] usb 1-1: No valid video chain found. [ 509.598750][T11734] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1605'. [ 509.658187][T11712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.681296][T11712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.258193][ T5172] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 511.884188][ T5172] usb 5-1: Using ep0 maxpacket: 32 [ 511.924419][ T5172] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 511.994264][ T5172] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 512.063928][ T5172] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 512.104344][ T5172] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 512.152441][ T5172] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 512.187912][ T5172] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 512.274226][ T5172] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 512.298144][ T5172] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 512.306233][ T5172] usb 5-1: Product: syz [ 512.328694][ T5126] usb 1-1: USB disconnect, device number 21 [ 512.396569][ T5172] usb 5-1: Manufacturer: syz [ 512.420136][ T5172] usb 5-1: SerialNumber: syz [ 512.434248][ T5092] Bluetooth: hci4: SCO packet for unknown connection handle 0 [ 512.650508][ T5172] cdc_ncm 5-1:1.0: bind() failure [ 512.670065][ T5172] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 512.677383][ T5172] cdc_ncm 5-1:1.1: bind() failure [ 512.699711][ T5172] usb 5-1: USB disconnect, device number 27 [ 515.288411][T11806] 9pnet_virtio: no channels available for device syz [ 516.753785][T11828] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 517.891518][ T29] audit: type=1326 audit(1720932923.485:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11818 comm="syz.1.1632" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0 [ 518.893001][T11858] 9pnet_virtio: no channels available for device syz [ 521.215884][T11882] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 521.395914][ T29] audit: type=1326 audit(1720932926.945:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11874 comm="syz.1.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0 [ 522.378545][T11902] 9pnet_virtio: no channels available for device syz [ 522.858800][ T5092] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 522.867570][ T5092] Bluetooth: hci4: Injecting HCI hardware error event [ 522.876244][ T5092] Bluetooth: hci4: hardware error 0x00 [ 523.738492][T11923] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 524.132211][T11928] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1661'. [ 524.178136][ T5126] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 524.392465][ T5126] usb 5-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 524.404094][ T5126] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.444908][ T5126] usb 5-1: config 0 descriptor?? [ 524.528238][ T5127] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 524.671260][T11917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 524.692236][T11917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 524.719333][ T5127] usb 2-1: Using ep0 maxpacket: 8 [ 524.761229][ T5127] usb 2-1: config 0 has an invalid interface number: 125 but max is 3 [ 524.794795][ T5126] usb 5-1: string descriptor 0 read error: -71 [ 524.814589][ T5127] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 524.828731][ T5126] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 524.843373][ T5127] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 524.858191][ T5126] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 524.886230][ T5127] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 524.901181][ T5126] usb 5-1: USB disconnect, device number 28 [ 524.907547][ T5127] usb 2-1: config 0 has no interface number 0 [ 524.938571][ T5092] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 524.954820][ T5127] usb 2-1: config 0 interface 125 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 524.969559][ T5127] usb 2-1: config 0 interface 125 has no altsetting 0 [ 525.005614][ T5127] usb 2-1: string descriptor 0 read error: -22 [ 525.024788][ T5127] usb 2-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 525.043706][ T5127] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.085937][ T5127] usb 2-1: config 0 descriptor?? [ 525.110770][ T5127] hub 2-1:0.125: bad descriptor, ignoring hub [ 525.116928][ T5127] hub 2-1:0.125: probe with driver hub failed with error -5 [ 525.156091][ T5127] usb 2-1: Found UVC 15.ff device (17dc:0202) [ 525.169575][ T5127] usb 2-1: No valid video chain found. [ 525.211269][T11951] 9pnet_virtio: no channels available for device syz [ 525.331312][T11937] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 525.362152][T11937] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 526.144680][T11959] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 526.320063][T11966] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1675'. [ 528.128309][ T9] usb 2-1: USB disconnect, device number 19 [ 529.232142][T12010] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 529.596939][T12016] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1688'. [ 529.765562][ T5092] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 529.798107][ T1801] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 530.044803][ T1801] usb 1-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 530.132780][ T1801] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.178926][ T1801] usb 1-1: config 0 descriptor?? [ 530.421021][T12012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 530.445034][T12012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 530.509254][ T1801] usb 1-1: string descriptor 0 read error: -71 [ 530.529516][ T1801] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 530.537137][ T1801] dvb_usb_af9035 1-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 530.732338][ T1801] usb 1-1: USB disconnect, device number 22 [ 531.668631][T12053] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 533.189891][T12076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 533.237293][T12079] 9pnet_virtio: no channels available for device syz [ 533.315770][T12076] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 534.157849][ T5126] libceph: connect (1)[c::]:6789 error -101 [ 534.170926][ T5126] libceph: mon0 (1)[c::]:6789 connect error [ 534.400791][T12091] ceph: No mds server is up or the cluster is laggy [ 535.568282][ T9] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 535.710560][T12114] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1718'. [ 535.770120][ T9] usb 4-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 535.783781][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.806865][ T9] usb 4-1: config 0 descriptor?? [ 535.959234][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.007401][T12124] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.065020][T12102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 536.118584][T12102] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 536.142415][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.330612][ T9] usb 4-1: string descriptor 0 read error: -71 [ 536.339367][ T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 536.345922][ T9] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 536.371456][ T9] usb 4-1: USB disconnect, device number 32 [ 536.496980][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 536.794541][T12120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.856373][T12137] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 537.950580][T12135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 537.993515][T12141] syz_tun: entered promiscuous mode [ 538.002568][T12141] syz_tun: left promiscuous mode [ 538.050048][T12135] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 538.779736][T12156] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1730'. [ 538.859493][ T5092] block nbd1: Receive control failed (result -32) [ 538.877732][T12142] block nbd1: shutting down sockets [ 540.050194][T12174] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 540.477156][T12179] syz_tun: entered promiscuous mode [ 541.242792][T12179] syz_tun: left promiscuous mode [ 543.026325][T12206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1743'. [ 543.098893][T12207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 543.178930][T12207] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 544.075708][T12223] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 548.106586][ T5092] block nbd0: Receive control failed (result -32) [ 548.161909][T12225] block nbd0: shutting down sockets [ 548.411332][T12247] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1756'. [ 549.562160][T12265] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 554.764273][ T5080] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 554.787650][ T5080] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 554.797334][ T5080] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 554.811104][ T5080] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 554.823110][ T5080] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 554.832139][ T5080] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 554.940988][T12298] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1768'. [ 556.065340][T12315] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 556.126625][T12300] chnl_net:caif_netlink_parms(): no params data found [ 556.365464][ T5126] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 559.174655][ T5080] Bluetooth: hci5: command tx timeout [ 559.391061][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 559.417690][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 559.425911][ T5126] usb 2-1: device descriptor read/all, error -71 [ 559.437354][T12300] bridge0: port 1(bridge_slave_0) entered blocking state [ 559.464748][T12300] bridge0: port 1(bridge_slave_0) entered disabled state [ 559.491351][T12300] bridge_slave_0: entered allmulticast mode [ 559.525646][T12300] bridge_slave_0: entered promiscuous mode [ 560.338695][T12341] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 560.410969][T12300] bridge0: port 2(bridge_slave_1) entered blocking state [ 560.437549][T12300] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.488382][T12300] bridge_slave_1: entered allmulticast mode [ 560.508649][T12300] bridge_slave_1: entered promiscuous mode [ 560.573381][T12350] 9pnet_fd: Insufficient options for proto=fd [ 560.775567][T12300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 560.895083][T12300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 561.142828][T12300] team0: Port device team_slave_0 added [ 561.358120][ T5080] Bluetooth: hci5: command tx timeout [ 561.913854][T12364] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 562.000570][T12300] team0: Port device team_slave_1 added [ 563.048542][ T1249] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.054886][ T1249] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.281796][T12300] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 563.293714][T12300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.324027][T12300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 563.345240][T12300] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 563.356024][T12300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 563.399090][T12300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 563.422624][ T5080] Bluetooth: hci5: command tx timeout [ 565.498139][ T5080] Bluetooth: hci5: command tx timeout [ 566.804327][T12300] hsr_slave_0: entered promiscuous mode [ 566.822463][T12300] hsr_slave_1: entered promiscuous mode [ 566.867797][T12300] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 566.889575][T12300] Cannot create hsr debugfs directory [ 567.938403][ T29] audit: type=1326 audit(1720932972.865:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12390 comm="syz.2.1791" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 568.249598][T12398] 9pnet_fd: Insufficient options for proto=fd [ 569.248129][T12408] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 570.570566][T12300] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 570.865659][T12300] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 571.026521][T12300] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 572.018272][ T29] audit: type=1326 audit(1720932976.975:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12439 comm="syz.2.1803" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 572.269634][T12300] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 573.195926][T12450] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 573.418169][T12456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.102408][T12456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.255272][T12464] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.291116][T12456] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.410182][T12300] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 574.455683][T12300] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 574.476938][T12300] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 574.497682][T12300] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 574.773502][T12474] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 574.794940][ T29] audit: type=1326 audit(1720932980.395:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12468 comm="syz.3.1810" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f250f375bd9 code=0x0 [ 575.665936][T12300] 8021q: adding VLAN 0 to HW filter on device bond0 [ 575.775532][T12300] 8021q: adding VLAN 0 to HW filter on device team0 [ 575.861451][ T5127] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.868690][ T5127] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.006163][ T1801] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.013536][ T1801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.301496][T12487] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1816'. [ 576.331791][T12494] 9pnet_fd: Insufficient options for proto=fd [ 577.119064][T12300] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 577.168792][ T5079] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 577.272177][T12300] veth0_vlan: entered promiscuous mode [ 577.289884][T12300] veth1_vlan: entered promiscuous mode [ 577.342599][T12300] veth0_macvtap: entered promiscuous mode [ 577.371844][ T5079] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 577.389864][T12300] veth1_macvtap: entered promiscuous mode [ 577.403482][ T5079] usb 2-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 577.418199][ T784] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 577.436997][ T5079] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 577.452923][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.464232][ T5079] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 577.476461][ T5079] usb 2-1: SerialNumber: syz [ 577.481845][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.504809][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.521583][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.542064][ T5079] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 577.560042][ T5079] usb-storage 2-1:1.0: USB Mass Storage device detected [ 577.565437][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.604247][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.607491][ T5079] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 577.647353][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.665462][ T784] usb 3-1: Using ep0 maxpacket: 32 [ 577.668028][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.672418][ T784] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.700412][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 577.701788][ T784] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.725008][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.749334][T12300] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 577.753035][T12504] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.784030][T12504] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.833285][ T784] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 577.833957][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.856288][ T5079] usb 2-1: USB disconnect, device number 22 [ 577.881622][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.907514][ T784] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 577.935063][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.955459][ T784] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 577.957203][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.976293][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 577.993208][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.004285][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.015688][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.026781][T12300] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 578.040732][T12300] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 578.062932][ T784] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 578.063304][T12300] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 578.123137][ T5080] block nbd4: Receive control failed (result -32) [ 578.144649][T12300] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.156274][ T784] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 578.165638][ T784] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.173762][ T784] usb 3-1: Product: syz [ 578.181488][T12532] block nbd4: shutting down sockets [ 578.186995][ T784] usb 3-1: Manufacturer: syz [ 578.192379][ T784] usb 3-1: SerialNumber: syz [ 578.205255][T12300] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.214314][T12300] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.226163][T12300] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 578.408710][ T784] cdc_ncm 3-1:1.0: bind() failure [ 578.456606][ T784] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 578.478177][ T784] cdc_ncm 3-1:1.1: bind() failure [ 578.512560][ T784] usb 3-1: USB disconnect, device number 33 [ 578.523830][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 578.576692][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 578.614274][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 578.642807][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 578.656144][T12541] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1827'. [ 578.694782][ T5080] Bluetooth: hci0: unexpected event for opcode 0x203d [ 578.780012][T12548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 578.886962][T12548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 580.411338][ T5079] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 580.678234][ T5079] usb 4-1: Using ep0 maxpacket: 8 [ 580.713351][ T5079] usb 4-1: config 0 has an invalid interface number: 125 but max is 3 [ 580.745839][ T5079] usb 4-1: config 0 has an invalid interface number: 162 but max is 3 [ 580.763753][ T5079] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 580.865299][ T5079] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 4 [ 580.910069][ T5079] usb 4-1: config 0 has no interface number 0 [ 580.929372][ T5079] usb 4-1: config 0 has no interface number 1 [ 580.935990][ T5079] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 580.975063][ T5079] usb 4-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 581.050324][ T5079] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 581.109310][ T5079] usb 4-1: config 0 interface 125 has no altsetting 0 [ 581.116729][ T5079] usb 4-1: config 0 interface 162 has no altsetting 0 [ 581.124425][ T5079] usb 4-1: string descriptor 0 read error: -22 [ 581.152982][ T5079] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 581.189205][ T5079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.261839][ T5079] usb 4-1: config 0 descriptor?? [ 581.275330][ T5079] hub 4-1:0.125: bad descriptor, ignoring hub [ 581.287207][T12584] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1840'. [ 581.308891][ T5079] hub 4-1:0.125: probe with driver hub failed with error -5 [ 581.329496][ T5079] usb 4-1: Found UVC 15.ff device (17dc:0202) [ 581.336466][ T5079] usb 4-1: No valid video chain found. [ 581.402822][ T5079] hub 4-1:0.162: bad descriptor, ignoring hub [ 581.422028][ T5079] hub 4-1:0.162: probe with driver hub failed with error -5 [ 581.479224][T12572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 581.519441][T12572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.640488][T12602] qrtr: Invalid version 48 [ 581.712899][T12602] ip6t_srh: unknown srh match flags 4000 [ 582.318351][ T5079] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 582.609764][ T5079] usb 5-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 582.701254][T12624] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 583.283760][ T5080] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 583.293391][ T5080] Bluetooth: hci0: Injecting HCI hardware error event [ 583.303627][ T5092] Bluetooth: hci0: hardware error 0x00 [ 583.340125][ T5079] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 583.380657][ T5079] usb 5-1: config 0 descriptor?? [ 583.548706][ T784] usb 4-1: USB disconnect, device number 33 [ 583.619831][T12614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 583.677794][T12614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 583.779781][ T5079] usb 5-1: string descriptor 0 read error: -71 [ 583.827214][ T5079] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 583.872081][ T5079] dvb_usb_af9035 5-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 583.937907][ T5079] usb 5-1: USB disconnect, device number 29 [ 584.309543][ T5080] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 584.402729][T12642] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1855'. [ 584.664951][T12652] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1858'. [ 585.225521][T12663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 585.338192][ T5092] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 585.518114][ T5127] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 585.558254][T12663] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 586.354476][ T29] audit: type=1326 audit(1720932991.235:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12665 comm="syz.2.1863" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe802775bd9 code=0x0 [ 586.480503][ T5127] usb 5-1: Using ep0 maxpacket: 8 [ 586.509530][ T5127] usb 5-1: config 0 has an invalid interface number: 125 but max is 3 [ 586.528495][ T5127] usb 5-1: config 0 has an invalid interface number: 162 but max is 3 [ 586.540386][ T5127] usb 5-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 586.557805][ T5127] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 4 [ 586.567796][ T5127] usb 5-1: config 0 has no interface number 0 [ 586.579027][ T5127] usb 5-1: config 0 has no interface number 1 [ 586.585709][ T5127] usb 5-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 586.601057][ T5127] usb 5-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 586.616359][ T5127] usb 5-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 586.635585][ T5127] usb 5-1: config 0 interface 125 has no altsetting 0 [ 586.651829][ T5127] usb 5-1: config 0 interface 162 has no altsetting 0 [ 586.662779][ T5127] usb 5-1: string descriptor 0 read error: -22 [ 586.673844][ T5127] usb 5-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 586.685747][ T5127] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 586.774371][ T5127] usb 5-1: config 0 descriptor?? [ 586.815344][ T5127] hub 5-1:0.125: bad descriptor, ignoring hub [ 586.830452][ T5127] hub 5-1:0.125: probe with driver hub failed with error -5 [ 586.850988][ T5127] usb 5-1: Found UVC 15.ff device (17dc:0202) [ 586.897548][ T5127] usb 5-1: No valid video chain found. [ 586.921497][ T5127] hub 5-1:0.162: bad descriptor, ignoring hub [ 586.951820][ T5127] hub 5-1:0.162: probe with driver hub failed with error -5 [ 587.013880][T12664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 587.043091][T12664] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 587.438249][T12683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1870'. [ 587.623505][T12687] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1871'. [ 588.868385][ T5127] usb 5-1: USB disconnect, device number 30 [ 588.896170][ T5092] block nbd0: Receive control failed (result -32) [ 588.903019][T12685] block nbd0: shutting down sockets [ 589.104208][T12709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.184820][T12712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.275743][T12709] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 589.330170][T12712] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 590.331230][T12721] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 590.494599][T12724] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1882'. [ 590.755722][ T5079] libceph: connect (1)[c::]:6789 error -101 [ 590.768732][ T5079] libceph: mon0 (1)[c::]:6789 connect error [ 591.446886][T12730] ceph: No mds server is up or the cluster is laggy [ 591.464386][ T5079] libceph: connect (1)[c::]:6789 error -101 [ 591.500676][ T5079] libceph: mon0 (1)[c::]:6789 connect error [ 591.618910][T12733] qrtr: Invalid version 48 [ 591.643501][T12733] ip6t_srh: unknown srh match flags 4000 [ 591.924781][T12743] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000) [ 592.579560][ T5125] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 592.652442][ T5092] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 592.958335][ T5125] usb 4-1: Using ep0 maxpacket: 8 [ 592.975579][ T5125] usb 4-1: config 0 has an invalid interface number: 125 but max is 3 [ 593.230644][ T5125] usb 4-1: config 0 has an invalid interface number: 162 but max is 3 [ 593.240442][ T5125] usb 4-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 593.335718][ T5125] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 4 [ 593.387916][ T5125] usb 4-1: config 0 has no interface number 0 [ 593.423209][ T5079] libceph: connect (1)[c::]:6789 error -22 [ 593.428779][ T5125] usb 4-1: config 0 has no interface number 1 [ 593.435454][ T5125] usb 4-1: config 0 interface 125 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 593.438377][ T5079] libceph: mon0 (1)[c::]:6789 connect error [ 593.452452][ T5125] usb 4-1: config 0 interface 125 altsetting 2 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 593.452510][ T5125] usb 4-1: config 0 interface 162 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 10 [ 593.452536][ T5125] usb 4-1: config 0 interface 125 has no altsetting 0 [ 593.452555][ T5125] usb 4-1: config 0 interface 162 has no altsetting 0 [ 593.453441][ T5125] usb 4-1: string descriptor 0 read error: -22 [ 593.606880][ T5125] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 593.620078][T12765] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1894'. [ 593.639733][ T5125] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 593.749057][ T5125] usb 4-1: config 0 descriptor?? [ 593.769954][ T5079] libceph: connect (1)[c::]:6789 error -22 [ 593.779008][ T5125] hub 4-1:0.125: bad descriptor, ignoring hub [ 593.779355][ T5079] libceph: mon0 (1)[c::]:6789 connect error [ 593.815446][ T5125] hub 4-1:0.125: probe with driver hub failed with error -5 [ 593.903936][ T5125] usb 4-1: Found UVC 15.ff device (17dc:0202) [ 593.951499][ T5125] usb 4-1: No valid video chain found. [ 593.995456][T12739] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.002653][T12769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 594.014528][ T5125] hub 4-1:0.162: bad descriptor, ignoring hub [ 594.033393][T12739] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 594.039769][ T5125] hub 4-1:0.162: probe with driver hub failed with error -5 [ 594.174617][T12761] ceph: No mds server is up or the cluster is laggy [ 594.217490][T12769] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 595.530416][T12790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 595.639446][T12790] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 595.809449][ T5092] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 596.273064][T12809] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1906'. [ 596.528472][ T5126] usb 4-1: USB disconnect, device number 34 [ 596.785590][T12819] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1909'. [ 597.886615][T12829] qrtr: Invalid version 48 [ 597.935365][T12829] ip6t_srh: unknown srh match flags 4000 [ 599.982905][T12836] qrtr: Invalid version 48 [ 600.085052][T12836] ip6t_srh: unknown srh match flags 4000 [ 600.304669][T12848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 600.524094][T12848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 601.343480][ T29] audit: type=1326 audit(1720933006.235:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12849 comm="syz.1.1919" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f73e2b75bd9 code=0x0 [ 601.654261][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 601.783026][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 601.804650][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 601.882685][T12871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 602.703080][T12889] qrtr: Invalid version 48 [ 602.763332][T12889] ip6t_srh: unknown srh match flags 4000 [ 603.095614][ T5092] Bluetooth: hci5: SCO packet for unknown connection handle 0 [ 604.039316][ T11] bridge_slave_1: left allmulticast mode [ 604.085750][ T11] bridge_slave_1: left promiscuous mode [ 604.104260][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 604.114607][ T11] bridge_slave_0: left allmulticast mode [ 604.122565][ T11] bridge_slave_0: left promiscuous mode [ 604.131625][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 604.141525][ T5127] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 604.261131][T12909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 604.341704][ T5127] usb 2-1: New USB device found, idVendor=07ca, idProduct=a835, bcdDevice=21.fa [ 604.363164][T12913] 9pnet_virtio: no channels available for device syz [ 604.366669][ T5127] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.387396][T12909] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 604.436861][ T5127] usb 2-1: config 0 descriptor?? [ 604.665036][T12897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 604.709256][T12897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 604.769075][ T5127] usb 2-1: string descriptor 0 read error: -71 [ 604.797386][ T5127] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 604.827478][ T5127] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22 [ 604.859590][ T5127] usb 2-1: USB disconnect, device number 23 [ 605.038187][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 605.062416][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 605.080177][ T11] bond0 (unregistering): Released all slaves [ 605.199181][ T11] tipc: Left network mode [ 605.258854][T12931] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1942'. [ 605.293096][ T11] ------------[ cut here ]------------ [ 605.299564][ T11] WARNING: CPU: 0 PID: 11 at net/mac80211/iface.c:515 ieee80211_do_stop+0x18d2/0x1ec0 [ 605.309353][ T11] Modules linked in: [ 605.313258][ T11] CPU: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 605.323432][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 605.333979][ T11] Workqueue: netns cleanup_net [ 605.339329][ T11] RIP: 0010:ieee80211_do_stop+0x18d2/0x1ec0 [ 605.345257][ T11] Code: fd ff ff e8 a0 9a a7 f6 4c 89 ef e8 f8 45 0c 00 48 8b 5c 24 60 e9 9f fd ff ff e8 89 9a a7 f6 e9 95 fd ff ff e8 7f 9a a7 f6 90 <0f> 0b 90 e9 e9 ea ff ff e8 71 9a a7 f6 90 43 0f b6 04 27 84 c0 0f [ 605.365135][ T11] RSP: 0018:ffffc90000107380 EFLAGS: 00010293 [ 605.371311][ T11] RAX: ffffffff8aee8cb1 RBX: 0000000000000002 RCX: ffff8880176b3c00 [ 605.379347][ T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 605.387321][ T11] RBP: ffffc900001074e8 R08: ffffffff8aee7790 R09: 1ffffffff1f58d25 [ 605.395378][ T11] R10: dffffc0000000000 R11: fffffbfff1f58d26 R12: dffffc0000000000 [ 605.403558][ T11] R13: ffff88806c808e20 R14: 0000000000000001 R15: ffff88802a436750 [ 605.411619][ T11] FS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 605.420787][ T11] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 605.427387][ T11] CR2: 000000110c3a7ba5 CR3: 000000006d6fc000 CR4: 00000000003506f0 [ 605.435814][ T11] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 605.444074][ T11] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 605.452184][ T11] Call Trace: [ 605.455465][ T11] [ 605.458434][ T11] ? __warn+0x163/0x4e0 [ 605.462592][ T11] ? ieee80211_do_stop+0x18d2/0x1ec0 [ 605.467917][ T11] ? report_bug+0x2b3/0x500 [ 605.472497][ T11] ? ieee80211_do_stop+0x18d2/0x1ec0 [ 605.477798][ T11] ? handle_bug+0x3e/0x70 [ 605.482237][ T11] ? exc_invalid_op+0x1a/0x50 [ 605.486932][ T11] ? asm_exc_invalid_op+0x1a/0x20 [ 605.492043][ T11] ? ieee80211_do_stop+0x3b0/0x1ec0 [ 605.497260][ T11] ? ieee80211_do_stop+0x18d1/0x1ec0 [ 605.502645][ T11] ? ieee80211_do_stop+0x18d2/0x1ec0 [ 605.508013][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.514373][ T11] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 605.519934][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 605.526289][ T11] ? wiphy_work_cancel+0x15c/0x1f0 [ 605.531496][ T11] ieee80211_stop+0x436/0x4a0 [ 605.536598][ T11] ? __pfx_ieee80211_stop+0x10/0x10 [ 605.542254][ T11] __dev_close_many+0x219/0x300 [ 605.547131][ T11] ? __pfx___dev_close_many+0x10/0x10 [ 605.552657][ T11] dev_close_many+0x24e/0x4c0 [ 605.557383][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 605.562532][ T11] ? __pfx_dev_close_many+0x10/0x10 [ 605.567749][ T11] ? __pfx_lock_release+0x10/0x10 [ 605.572841][ T11] ? do_raw_spin_lock+0x14f/0x370 [ 605.577907][ T11] dev_close+0x1c0/0x2c0 [ 605.582306][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 605.587532][ T11] ? __pfx_dev_close+0x10/0x10 [ 605.592440][ T11] cfg80211_shutdown_all_interfaces+0xbb/0x1d0 [ 605.598102][ T5127] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 605.598679][ T11] ieee80211_remove_interfaces+0x106/0x700 [ 605.612015][ T11] ? __pfx___mutex_lock+0x10/0x10 [ 605.617048][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 605.622975][ T11] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 605.629343][ T11] ieee80211_unregister_hw+0x5d/0x2c0 [ 605.634716][ T11] mac80211_hwsim_del_radio+0x2c2/0x4c0 [ 605.640719][ T11] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 605.646806][ T11] hwsim_exit_net+0x5c1/0x670 [ 605.651810][ T11] ? __pfx_hwsim_exit_net+0x10/0x10 [ 605.657023][ T11] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 605.663027][ T11] cleanup_net+0x802/0xcc0 [ 605.667453][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 605.672414][ T11] ? process_scheduled_works+0x945/0x1830 [ 605.678156][ T11] process_scheduled_works+0xa2c/0x1830 [ 605.683710][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 605.689742][ T11] ? assign_work+0x364/0x3d0 [ 605.694327][ T11] worker_thread+0x86d/0xd50 [ 605.698988][ T11] ? __kthread_parkme+0x169/0x1d0 [ 605.704055][ T11] ? __pfx_worker_thread+0x10/0x10 [ 605.709225][ T11] kthread+0x2f0/0x390 [ 605.713314][ T11] ? __pfx_worker_thread+0x10/0x10 [ 605.718521][ T11] ? __pfx_kthread+0x10/0x10 [ 605.723124][ T11] ret_from_fork+0x4b/0x80 [ 605.727531][ T11] ? __pfx_kthread+0x10/0x10 [ 605.732183][ T11] ret_from_fork_asm+0x1a/0x30 [ 605.736971][ T11] [ 605.740408][ T11] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 605.747677][ T11] CPU: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.10.0-rc7-syzkaller-00256-gd0d0cd380055 #0 [ 605.757742][ T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 605.767795][ T11] Workqueue: netns cleanup_net [ 605.772585][ T11] Call Trace: [ 605.775894][ T11] [ 605.778819][ T11] dump_stack_lvl+0x241/0x360 [ 605.783548][ T11] ? __pfx_dump_stack_lvl+0x10/0x10 [ 605.788756][ T11] ? __pfx__printk+0x10/0x10 [ 605.793345][ T11] ? vscnprintf+0x5d/0x90 [ 605.797671][ T11] panic+0x349/0x860 [ 605.801581][ T11] ? __warn+0x172/0x4e0 [ 605.805731][ T11] ? __pfx_panic+0x10/0x10 [ 605.810150][ T11] ? ret_from_fork_asm+0x1a/0x30 [ 605.815096][ T11] __warn+0x346/0x4e0 [ 605.819074][ T11] ? ieee80211_do_stop+0x18d2/0x1ec0 [ 605.824352][ T11] report_bug+0x2b3/0x500 [ 605.828688][ T11] ? ieee80211_do_stop+0x18d2/0x1ec0 [ 605.833959][ T11] handle_bug+0x3e/0x70 [ 605.838099][ T11] exc_invalid_op+0x1a/0x50 [ 605.842674][ T11] asm_exc_invalid_op+0x1a/0x20 [ 605.847511][ T11] RIP: 0010:ieee80211_do_stop+0x18d2/0x1ec0 [ 605.853388][ T11] Code: fd ff ff e8 a0 9a a7 f6 4c 89 ef e8 f8 45 0c 00 48 8b 5c 24 60 e9 9f fd ff ff e8 89 9a a7 f6 e9 95 fd ff ff e8 7f 9a a7 f6 90 <0f> 0b 90 e9 e9 ea ff ff e8 71 9a a7 f6 90 43 0f b6 04 27 84 c0 0f [ 605.872998][ T11] RSP: 0018:ffffc90000107380 EFLAGS: 00010293 [ 605.879052][ T11] RAX: ffffffff8aee8cb1 RBX: 0000000000000002 RCX: ffff8880176b3c00 [ 605.887006][ T11] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 605.894963][ T11] RBP: ffffc900001074e8 R08: ffffffff8aee7790 R09: 1ffffffff1f58d25 [ 605.902922][ T11] R10: dffffc0000000000 R11: fffffbfff1f58d26 R12: dffffc0000000000 [ 605.910894][ T11] R13: ffff88806c808e20 R14: 0000000000000001 R15: ffff88802a436750 [ 605.918885][ T11] ? ieee80211_do_stop+0x3b0/0x1ec0 [ 605.924082][ T11] ? ieee80211_do_stop+0x18d1/0x1ec0 [ 605.929396][ T11] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 605.935715][ T11] ? __pfx_ieee80211_do_stop+0x10/0x10 [ 605.941187][ T11] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 605.947507][ T11] ? wiphy_work_cancel+0x15c/0x1f0 [ 605.952609][ T11] ieee80211_stop+0x436/0x4a0 [ 605.957273][ T11] ? __pfx_ieee80211_stop+0x10/0x10 [ 605.962477][ T11] __dev_close_many+0x219/0x300 [ 605.967316][ T11] ? __pfx___dev_close_many+0x10/0x10 [ 605.972680][ T11] dev_close_many+0x24e/0x4c0 [ 605.977353][ T11] ? __pfx_lock_acquire+0x10/0x10 [ 605.982456][ T11] ? __pfx_dev_close_many+0x10/0x10 [ 605.987638][ T11] ? __pfx_lock_release+0x10/0x10 [ 605.992647][ T11] ? do_raw_spin_lock+0x14f/0x370 [ 605.997662][ T11] dev_close+0x1c0/0x2c0 [ 606.001907][ T11] ? do_raw_spin_unlock+0x13c/0x8b0 [ 606.007090][ T11] ? __pfx_dev_close+0x10/0x10 [ 606.011848][ T11] cfg80211_shutdown_all_interfaces+0xbb/0x1d0 [ 606.018010][ T11] ieee80211_remove_interfaces+0x106/0x700 [ 606.023803][ T11] ? __pfx___mutex_lock+0x10/0x10 [ 606.028816][ T11] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 606.034692][ T11] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 606.041014][ T11] ieee80211_unregister_hw+0x5d/0x2c0 [ 606.046379][ T11] mac80211_hwsim_del_radio+0x2c2/0x4c0 [ 606.051925][ T11] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 606.058016][ T11] hwsim_exit_net+0x5c1/0x670 [ 606.062700][ T11] ? __pfx_hwsim_exit_net+0x10/0x10 [ 606.067908][ T11] ? __ip_vs_dev_cleanup_batch+0x239/0x260 [ 606.073737][ T11] cleanup_net+0x802/0xcc0 [ 606.078151][ T11] ? __pfx_cleanup_net+0x10/0x10 [ 606.083122][ T11] ? process_scheduled_works+0x945/0x1830 [ 606.088844][ T11] process_scheduled_works+0xa2c/0x1830 [ 606.094415][ T11] ? __pfx_process_scheduled_works+0x10/0x10 [ 606.100426][ T11] ? assign_work+0x364/0x3d0 [ 606.105047][ T11] worker_thread+0x86d/0xd50 [ 606.109654][ T11] ? __kthread_parkme+0x169/0x1d0 [ 606.114671][ T11] ? __pfx_worker_thread+0x10/0x10 [ 606.119791][ T11] kthread+0x2f0/0x390 [ 606.123846][ T11] ? __pfx_worker_thread+0x10/0x10 [ 606.128944][ T11] ? __pfx_kthread+0x10/0x10 [ 606.133542][ T11] ret_from_fork+0x4b/0x80 [ 606.137957][ T11] ? __pfx_kthread+0x10/0x10 [ 606.142574][ T11] ret_from_fork_asm+0x1a/0x30 [ 606.147344][ T11] [ 606.150605][ T11] Kernel Offset: disabled [ 606.155026][ T11] Rebooting in 86400 seconds..