last executing test programs: 5.971792733s ago: executing program 3 (id=4): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="1201410130f56920ac05190272f00102030109021b00012000100009045507010349020009058203"], 0x0) r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000002c0), 0xffffffffffffffff) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000003c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) connect$unix(r3, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r5 = fcntl$dupfd(r4, 0x0, r4) write$tun(r5, &(0x7f00000001c0)={@void, @void, @mpls={[], @ipv6=@tipc_packet={0x3, 0x6, "460ba0", 0x64, 0x6, 0x0, @empty, @dev={0xfe, 0x80, '\x00', 0x24}, {[@srh={0x3a, 0x6, 0x4, 0x3, 0x6, 0x18, 0xe39c, [@private2, @empty, @private0]}], @payload_mcast={{{{{{0x2c, 0x0, 0x1, 0x0, 0x0, 0xb, 0x0, 0x2, 0x5, 0x0, 0x57082eceb02ffff2, 0x4, 0x1, 0x1, 0x8, 0x4, 0xa, 0x4e22, 0x4e24}, 0x0, 0x2}, 0x1, 0x4}, 0x1}}}}}}}, 0x8c) sendmsg$DEVLINK_CMD_RATE_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x24, r2, 0x800, 0x70bd2a, 0x25dfdbfd, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x810) syz_usb_control_io(r1, 0x0, &(0x7f0000000180)={0x84, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000040), 0x75c, 0x10d840) ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x80404532, &(0x7f0000000480)) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)={0x14, 0x14, 0x1, 0x70bd2c, 0x25dfdbfe, {0x28, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x20040000) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000540)=""/67, 0x0, 0x4}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0, 0xd000}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000080)={0x1, 0x4}) 5.533004974s ago: executing program 1 (id=2): r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1}) r1 = dup(r0) mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r1, 0x0) ioctl$VIDIOC_G_OUTPUT(r1, 0x8004562e, &(0x7f0000000040)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x2}) r3 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}) socket$igmp6(0xa, 0x3, 0x2) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r4, 0x8983, &(0x7f0000000300)={0x0, 'gretap0\x00', {0x2}, 0x3}) r5 = socket$inet(0xa, 0x801, 0x84) connect$inet(r5, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r5, 0x8) r6 = accept4(r5, 0x0, 0x0, 0x0) sendto$inet(r6, &(0x7f00000002c0)="cc", 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x6, 0x0, 0x6, 0x691}, 0x10) sendto$inet6(r6, &(0x7f0000000200)='x', 0x1, 0x4000000, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000006c0)={0x0, 0x2}, 0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f00000003c0)={0x0, 0x1}, 0x8) write$tun(r2, &(0x7f0000000200)={@val={0x0, 0x80f3}, @void, @eth={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xa8c298495af9f4a6}, @val={@val, {0x8100, 0x0, 0x0, 0x20}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x8000, 0x17c2, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x4, 0x100}}}}}}}}, 0x3e) 3.821797472s ago: executing program 1 (id=5): r0 = socket(0x400000000010, 0x3, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb74fef", 0x87}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968f", 0x5f}, {0x0}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd2", 0x98}, {&(0x7f00000000c0)}], 0x6}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f9623478134b943d5fba4f7e0ceed66c93cc8b", 0xe6}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x78}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa464613c", 0xf}], 0x1}}], 0x4, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000018c0)='/sys/power/pm_test', 0x40, 0x2) linkat(r3, &(0x7f0000000040)='./file0/file0\x00', 0xffffffffffffffff, 0x0, 0x1400) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 3.494289477s ago: executing program 2 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x40000108, 0x0, 0x2}]}) r3 = socket(0x400000000010, 0x3, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{&(0x7f0000000240)=@generic={0x21, "1aee2c4f6843c6782466293e62d4f664c2efa8906f0d97822ac0d88ecdd9d47e182b3b523c6243022c1be9fd662325c023ac48a28ae996c41561bb7e9903c408613b4d29da0b9d5af499caa7759c17c667af8acea6dc52148f1233494efd8f08aaab6382d5e33471a107ec47df5b5312764e134c68842fd1a2078151812e"}, 0x80, &(0x7f00000009c0)=[{&(0x7f00000002c0)}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000780)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84178b017ba52b", 0xc3}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd2", 0x98}, {&(0x7f00000000c0)}], 0x6}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e98e92fe2fd18e63d4d5699814d9843367774e155678592d0eec07073e851f50827bde418748aa0741684fe603e34dcc960678c7b3e71e48befa166d4a5247325fa881fc7857a8caadde6a2ac9cdcc4ead01267dbb4c639d6d8a80f9637e0c2a3f9623478134b943d5fba4f7e0ceed66c93cc8b", 0xe6}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x3, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @timestamping={{0x14, 0x1, 0x25, 0x101}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x80}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x78}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, 0x0}}, {{0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000000640)="f3f4c60f4caeeeb0b0c17aa464613c", 0xf}], 0x1}}], 0x4, 0x20000044) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x280, 0x1000, 0x0, 0x1, 0x0, {0x0, 0x9}, {0x350, 0x20002, 0xfffffffd}, {0xf4ef}, {0x4, 0x0, 0x7fe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00'}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r6 = accept4(r5, 0x0, 0x0, 0x800) r7 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r7, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1) r8 = dup(r7) readv(r8, &(0x7f0000000dc0)=[{&(0x7f0000000740)=""/199, 0xc7}], 0x1) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r3) sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f0000000740)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000700)={&(0x7f0000000680)={0x80, r9, 0x100, 0x70bd26, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@device_b}, @NL80211_ATTR_BSS_SELECT={0x14, 0xe3, 0x0, 0x1, {0x10, 0x0, [@NL80211_BSS_SELECT_ATTR_RSSI_ADJUST={0x6, 0x3, {0x0, 0x1}}, @NL80211_BSS_SELECT_ATTR_RSSI={0x4}]}}, @NL80211_ATTR_WIPHY_FREQ_HINT={0x8, 0xc9, @random=0x16ee}, @crypto_settings=[@NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x507}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x6002}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x2}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CIPHER_SUITE_GROUP={0x8, 0x4a, 0xfac05}, @NL80211_ATTR_CONTROL_PORT={0x4}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}], @NL80211_ATTR_PREV_BSSID={0xa}, @NL80211_ATTR_WANT_1X_4WAY_HS={0x4}, @NL80211_ATTR_DISABLE_VHT={0x4}]}, 0x80}, 0x1, 0x0, 0x0, 0x52d96d2f5a852297}, 0x80081) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r12, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 3.016578367s ago: executing program 0 (id=1): ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000240)={0x5, 0x8, 0x3, 0x0, 0x5e, 0x5c, &(0x7f0000000100)="2e8d43d95585f2011aa605ecafe6dc2ccdda00f8000ac3b705bf1b3b4e588e4b91994efc3b9a82070212d1fbb259cb5b9ceba855d383994db4dbc419070b53387df332ab3beaeabf9b266f6694e122d98214d60295f74f11bcccd2875004"}) r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfffd, {0x0, 0x1}, {0x4f, 0x2}, @cond=[{0x1ff, 0x5388, 0x6f5, 0x800, 0xc7, 0x8}, {0xffff, 0x5, 0x1, 0x46, 0x6, 0xfd}]}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) setsockopt$WPAN_SECURITY(r0, 0x0, 0x1, &(0x7f0000000040)=0x2, 0x4) sendmsg$802154_dgram(r0, &(0x7f00000001c0)={&(0x7f00000000c0), 0x14, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) r2 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x121682, 0x0) read$nci(r2, &(0x7f0000000100)=""/107, 0x6b) syz_genetlink_get_family_id$nl80211(0x0, r2) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1eb401, 0x0) ioctl$SNAPSHOT_FREE_SWAP_PAGES(r3, 0x3309) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(0xffffffffffffffff, 0xc0045540, 0x0) read$FUSE(r2, 0x0, 0x0) r4 = socket$nl_sock_diag(0x10, 0x3, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x800) sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cd", 0x3f}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000540)=""/74, 0x4a}], 0x2}, 0x0) sendmsg$DCCPDIAG_GETSOCK(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c00000012000301000000000000000000009db7000000000000010004000000000000000000000000000000000000000000000000000000691d0f76e77044d1eb94e56239"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 2.775368954s ago: executing program 1 (id=6): mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='.\x00', &(0x7f0000000000), 0x4, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r1], 0x64}, 0x1, 0x0, 0x0, 0x4000080}, 0x2400c000) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c000000480001ffffffe000000000000a0000000000000000000000140001800d2a79075827af5aa534d6815c2e93f10c0002"], 0x3c}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x10) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}, {@nfs_export_on}]}) 2.473421952s ago: executing program 0 (id=7): syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f8100000000000000000006241a0000000905810300000000000904010000020d00000904010102020d000009058202000000000009050302"], 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r0, &(0x7f0000001300)="92", 0x4) 2.37899653s ago: executing program 1 (id=8): getrandom(&(0x7f0000000380)=""/300, 0xcebaa945, 0x0) r0 = syz_create_resource$binfmt(&(0x7f0000000100)='./file1\x00') r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) close(r1) execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f0000004780)={[], 0xf000}, 0x1000) (fail_nth: 3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 2.267330129s ago: executing program 3 (id=9): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0) read$FUSE(r1, &(0x7f0000005200)={0x2020}, 0x2020) read$FUSE(r1, &(0x7f0000002c00)={0x2020}, 0xa23) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_GUEST_MEMFD(r2, 0xc040aed4, &(0x7f00000001c0)={0x10000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r2, 0x40a0ae49, &(0x7f0000000080)={0x0, 0x4, 0x5000, 0x2000, &(0x7f0000ffd000/0x2000)=nil, 0x4000000000, r3}) dup3(r2, r3, 0x80000) 1.461666843s ago: executing program 2 (id=10): r0 = socket(0x400000000010, 0x3, 0x0) sendmmsg$sock(0xffffffffffffffff, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f00000002c0)="f973085a6ea39ea1b25a1c6b351e11245900557d1c8e9f86bae5e5c64e50ef25afb0295d0c303850b4bff4d088bf9df67e013836e2882dad3f7698b52997f7efa9eb96f09be1c3019445927c6b2fe32d38ae2bcad2ac0d85ebd42914fb18b7d0670f8b3be16755ead6a6fb713fa618ce2cf424ea7cc84b04016b9a2afbfaf68803f1c1acb7", 0x85}, {&(0x7f0000000380)="82f294054d05973abfac6a6f31050418457d017c5fd68b034cf51b9f6a6d71daa5c776bca90037bc7c3d88b151fbf856f69ebd05e750f13f02af646b284953b6640a08c827c6f2ff4ad8e84077f9f03f94792aa17c4743cba3f355bb9c5b04b91ed70d253db68e17cdd561fab504479f723388dda974e2a9fb1bcda474c08d6222179b19e902009ea3cb3e42408bab6c1f29cb62d0", 0x95}, {&(0x7f0000000480)="4ce09043b6aa2ae5946f67306c7f73ed469dfcfc5e1f4d8123a4a8a7b9be82f67f89605cd9bbf7254c156b00437f753a248daf68c5ebdc4a6346d336a6502e98eae72777956d1ebeeb855fae46b3ccb9fb3d593651b95ee00afe0816b3c6e7f3cb3b18fb5198643daa6b9cafde584957dd72ba27cef6604f5df59f0bee60bca63d75a9d812eb699c2d665b7179b22027cf748ac63bcc212703d44cb083e962eee9b5d212523c162b42377ebd0bc624bf9425f6f4772e36c6c2fd4f69b65cc435f93c1a490cb75162251e15942b29de8d9d", 0xd1}, {&(0x7f0000000700)="8ff2f15bd0017ce4b36b6bc4335634254cffcc40c0312f5ff35991272b79d76712dc0c3cfdc0d70ce8004884e6917bed9ffee1584df7f06c7bccac71daf78bf3c68b8d5e56357654784bdbc700bceb1049c6a47d53c5ac29f83aed3ae9968fe8", 0x60}, {&(0x7f0000000800)="5193f0b40db29d9ce06f429ed3c2c6405967f1e559f08c35f5e63ad64c2746967cca1bbeaf6206a79c42badb4fb453f294c2932cb5552a5f9c1d633207a53c2f54d98c2f9e4323eac6c20c56e7607d212b210a0325f7c289d1a2552d7a3f2176a47e95bc46471fae9167768d58f22ff10ba3cc2050b1ee838ce9e4ac5a1544fec3e291272cfaaa4817539972fb8bb2ede331312f556ecea24236759bf0d51003477ec489820505cea6045a9939974c6f2ee3815378dc0a620982383e84178b017ba52b", 0xc3}, {&(0x7f0000000900)="a9be9b2ff3a19d5a1226e5243d37d1fd2894c1ae880dc2316aa2d5ad08944c7135eb837eff354282dd5863c051eb7b9b17be0e4fdd6560f3f2c2c04af73a6cb75b5d05d6037f91e8f4f08e90d5313fb91fbdc5acd212f7d8c800a837a0236309d25e82d5767d8df7512b2beb324c2a2fd6f4ed3a3eb7396f02d515396a3be574d721df257dbf0bc39c617c69458d721eb85d0e5372751cd23cc88571", 0x9c}, {&(0x7f00000000c0)}], 0x7}}, {{&(0x7f0000000a40)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha256\x00'}, 0x80, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000ac0)="3eb85e3024a2953147f5444738e1388e15fef01893884c2eeb5c559f4a030ee6b08fca1e38ee56dac9cbbea3d6d43e34d9daf81d45289d2bc841e2c4c7072582b15ce7ff3e22b0f19d8a2643280daeb9791b2d0f9b216a0fda4f30804b739da3cce1691d6d88ff52d3e43b26d935d69e99673e", 0x73}, {&(0x7f0000000bc0)="61275006ed747229311198ab94c7e6699587b0d033c2f17d1ccbd45cba520b6888fbad95d4d6ae3cc7172b392f90693e992e52408ba7f1874d1767303d6acb170f216f71908f53a3be1833a25eb1fb2ba3913dcc1de30c5c7e914b13514dea44fb2b964aaa280d5a85512fede48830ca6e", 0x71}, {&(0x7f0000000580)="8f966bd94d169820f6b844307d323b8c13deaeff91566b7f1725f39f", 0x1c}], 0x4, &(0x7f0000000cc0)=[@mark={{0x14, 0x1, 0x24, 0x9a9}}, @mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x301}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x84}}, @txtime={{0x18, 0x1, 0x3d, 0x9d}}], 0x90}}, {{&(0x7f0000000d80)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e23, @local}, 0x2, 0x3, 0x1, 0x3}}, 0x80, &(0x7f0000000f00)=[{&(0x7f0000000e00)="abc662f2a7dc713d226b612e712df36db5547daf508fb74a679224eba0fe5f05c53081ff6ebac83c264c6deeec6d4546fe7d00337f488ecee46577d71b39e24cdef94f16295eb7", 0x47}], 0x1}}], 0x3, 0x20000044) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'vlan1\x00', 0x0}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000780), 0x16fa43, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x400000f2, 0x0, 0xfffffffffffffffd}]}) close_range(r4, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f0000000380)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) socket$inet6_mptcp(0xa, 0x1, 0x106) r9 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="5201000000000008ec13060000000000000109022400010000200209040000090300000009210b0002012225000905810308"], 0x0) syz_usb_control_io(r9, &(0x7f0000000400)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="200629000000a94b9f7c68ab79826e311a48f804a661552fdfc565b0b0"], 0x0, 0x0, 0x0, 0x0}, 0x0) r10 = accept4(r8, 0x0, 0x0, 0x800) sendmmsg$alg(r10, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r10, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000006c0)={'syztnl2\x00', &(0x7f0000000640)={'syztnl1\x00', 0x0, 0x2f, 0x5, 0xca, 0x2, 0x14, @mcast2, @mcast2, 0x37, 0x0, 0x6, 0x400}}) sendmsg$ETHTOOL_MSG_COALESCE_GET(r2, &(0x7f0000001140)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40180}, 0xc, &(0x7f0000001100)={&(0x7f0000001840)=ANY=[@ANYBLOB="c718aec9", @ANYRES16=0x0, @ANYBLOB="02002bbd7000fedbc125130000001c0001800800010012a1d33b10ef43593d287d256fb8fe11774db6c67dbe42c825fc0ba0322b0baafc07ddd1587732930242f9a1a46b8a1668e1a68911c6853b2d75e344dbb1c3f04e5cc3867052457e7b01fa7f730e2ac4929f5477d7cfa5582e3b0757f4bffd314a444f02a949b6d83c9e", @ANYRES32=r1, @ANYBLOB="080003000200000008000100", @ANYRES32=r1, @ANYBLOB="6800018008000100", @ANYRES32=r1, @ANYRES64, @ANYRESOCT=r1, @ANYRESOCT=r0, @ANYRES32=r12, @ANYBLOB="14000180000000000300000008000100", @ANYBLOB="87ae5c7ff3a619388e618947ff0928724bfdb318f6eb", @ANYBLOB="5c00010508001ca352ee8dc90610a171", @ANYRESOCT, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="140002006970365f76746930000000000000000008000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="140002007767300000000000000000000000000008000300000000000400018054000180080003000200000008000100379e0c920ca149e6dc4b3b03513ca7d7773d356b146773db195101ad224958fead03e6f6e12caf4dba83d2358a8396fdf116df729e6771f2645b8df6c50a258e2d62627d42b7f4c83712949e5e0347ecfb6e82373e5c4c16f79f5ca3393e50e3373fecda05994a808ae48fd29149cb87835fe7af148ecc139a7e1503b8ea2fe76972f0da5f104ab77bc7141571b2", @ANYRES32=r1, @ANYBLOB="080003000400000008000100", @ANYRES32=r1, @ANYBLOB="08000300020000001400020076657468305f746f5f62617461647600140002007465616d3000"/48, @ANYRES64=r8], 0x160}, 0x1, 0x0, 0x0, 0x4040810}, 0x24000000) r13 = syz_usb_connect(0x5, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000006c055080a115014cb62010203010902120001fe0000000904"], 0x0) syz_usb_control_io$sierra_net(r13, &(0x7f00000000c0)={0x14, 0x0, 0x0}, &(0x7f0000000240)={0x1c, 0x0, 0x0, 0x0}) r14 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r11, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r14, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r15, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.007302548s ago: executing program 1 (id=11): syz_usb_connect(0x3, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0) timer_create(0x0, 0x0, &(0x7f0000000140)) timer_create(0x7, 0x0, &(0x7f0000000180)=0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0xd, @loopback, 0x6}, 0x1c) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0x40, 0x4) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) setsockopt$inet6_int(r1, 0x29, 0x42, &(0x7f0000000100)=0x80000001, 0x4) r2 = dup(r1) sendmmsg$inet(r2, &(0x7f000000d4c0)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)="9e3b07", 0x3}], 0x1}}], 0x1, 0x95) write$binfmt_elf32(r2, &(0x7f0000000500)=ANY=[], 0x258) read$FUSE(r2, &(0x7f0000002a00)={0x2020}, 0x2020) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) timer_delete(r0) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r4 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000000)={0x80000000}) 781.771193ms ago: executing program 3 (id=12): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r0, &(0x7f0000006900)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000003c0)=""/4092, 0xffc}, {&(0x7f00000013c0)=""/232, 0xe8}, {&(0x7f0000001700)=""/161, 0xa1}], 0x3}, 0x5}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000001b80)=""/130, 0x82}, {&(0x7f0000001e40)=""/4105, 0x1009}, {&(0x7f0000001840)=""/165, 0xa5}, {&(0x7f0000001980)=""/155, 0x9b}, {&(0x7f0000002e80)=""/251, 0xfb}, {&(0x7f0000001500)=""/245, 0xf5}, {&(0x7f0000001d40)=""/249, 0xf9}, {&(0x7f0000000040)=""/114, 0x72}, {&(0x7f0000001a40)=""/19, 0x13}, {&(0x7f0000001a80)=""/85, 0x55}], 0xa}, 0x81}], 0x4, 0x40012032, 0x0) 624.519466ms ago: executing program 0 (id=13): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$HDIO_GETGEO(0xffffffffffffffff, 0x301, &(0x7f0000000540)) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) preadv2(r3, &(0x7f0000000800)=[{&(0x7f0000000600)=""/121, 0x79}, {&(0x7f0000000680)=""/188, 0xbc}, {&(0x7f0000000740)=""/169, 0xa9}], 0x3, 0x8, 0x3e, 0x14) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) r5 = socket(0x10, 0x3, 0x0) write(r5, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000000", 0x41d) recvmmsg(r5, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000ec0)=""/246, 0xf6}, {&(0x7f0000000000)=""/166, 0xa6}, {&(0x7f0000000fc0)=""/4108, 0x100c}], 0x3}, 0x8}, {{0x0, 0x0, 0x0}, 0x2}], 0x2, 0x40000020, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000280)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x48, 0xff55, &(0x7f0000000300)={@flat=@handle={0x73682a85, 0xa, 0x1}, @flat=@weak_binder={0x77622a85, 0x1100, 0x2}, @fd}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) r6 = socket$inet6(0xa, 0x3, 0xfffffffe) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000980)={0x2c, 0x0, &(0x7f0000000840)=[@register_looper, @dead_binder_done, @acquire_done={0x40106309, 0x2}, @decrefs={0x40046307, 0x2}], 0xcd, 0x0, &(0x7f0000000880)="eda9489af850a895612d3b4f97aeab0fb147bd5754e25233fc94e9f87e8796186b48a9e387c8f8126f2941dd17d57389b0757b690d25ca4507fd9e562817f37f834edaca6ea5acad1bc1b6b336c29841362c7eabfb4128548c7f8ddd61f2ec000d242f106bcaf1e3795a81c7c8df827100d1fae4ab1bd1fb021c5977019ddf1b0757b84a06ad936a80c871032438cfda91823caa1edd2af88886601a98436a93708ef2b33df82ec6960974786513b40a83dc43327498258c57b408a813fdf84bc60987be63a68c7ff78c95fd6f"}) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000180)={0x222446f4, 0x8, 0x3}) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000440)=[@in6={0xa, 0x9, 0x3f, @loopback, 0x7b6a}, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x3e}}, @in6={0xa, 0x4e20, 0x7, @remote, 0x13}], 0x48) setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000040)=0x7, 0x4) r8 = syz_open_dev$amidi(&(0x7f0000000240), 0x0, 0x0) fsetxattr$security_ima(r8, &(0x7f0000000380), &(0x7f00000003c0)=@md5={0x1, "d524df6ad0e859928fdbec78bc3fe88e"}, 0x11, 0x1) 163.186096ms ago: executing program 0 (id=14): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001800)=ANY=[@ANYBLOB="180000002500010324bd7002ffdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmmsg(r0, &(0x7f0000006900)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000003c0)=""/4092, 0xffc}, {&(0x7f00000013c0)=""/232, 0xe8}, {&(0x7f0000001700)=""/161, 0xa1}], 0x3}, 0x5}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, &(0x7f0000001c40)=[{&(0x7f0000001b80)=""/130, 0x82}, {&(0x7f0000001e40)=""/4105, 0x1009}, {&(0x7f0000001840)=""/165, 0xa5}, {&(0x7f0000001980)=""/155, 0x9b}, {&(0x7f0000002e80)=""/251, 0xfb}, {&(0x7f0000001500)=""/245, 0xf5}, {&(0x7f0000001d40)=""/249, 0xf9}, {&(0x7f0000000040)=""/114, 0x72}, {&(0x7f0000001a40)=""/19, 0x13}, {&(0x7f0000001a80)=""/85, 0x55}], 0xa}, 0x81}], 0x4, 0x40012032, 0x0) (fail_nth: 3) 0s ago: executing program 3 (id=15): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc) r1 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/4125, 0x101d}], 0x1}, 0x40002022) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x8, 0x2, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x8000) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r3, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x3, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x0, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x10800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0xe4, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8003, 0x0, 0x3, 0xde3, 0x3, 0xba55, 0x8da8, 0x4, 0x200, 0x2, 0x4, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x8001, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x1, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x6, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0xf, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x8, 0x800, 0x7, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x411, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x4d, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x7, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x400, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x0, 0x7d, 0x5d7, 0x7], [0x108e, 0xffff, 0x7, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x4c, 0x2, 0x763, 0xb, 0x402, 0x1, 0x9, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x4, 0x2, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20006, 0x8a5, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0xe, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff9, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x136, 0x7fffffff]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) writev(r3, &(0x7f0000001300)=[{&(0x7f0000001180)="a180d4c7f8d5d7a5062f6d4c136adc99d0e272075960560028ab9f419a675cf55f142a699e6ae8e2ca758b8b36acb04b020382665ecb0f3497b11869b892d6ddf8965c44f244ae5ace6452b5526f1f1d75158c8bb7a39af451baeac36d7746dc54fba21dfcb312737aea22fde68a26", 0x6f}, {&(0x7f0000001200)="d2d2612666d92f75368aa831c9a7babbb0fa94ca274c678066ed67e69b863777687966f34a67c6fd8d450588f2aaaf5359c1699052a82f91ed5710472fd03589f9555de1d55e22828a645e176fd08c9d41fc3b237f908b0c045c0a9428879c8febaa7ca550345f651dde761490cd1529257fcba80508e2a6f63f17d5fb1532294998daeea160b9f051b794ff5dc2568650494df6f429a8ada466067a4d3a72a5c0013d67a7da06de0ab490268a7a03ba03aa9e3eb677efa0046c9a961f996bccb8d5bf030a3750cca9547ef5559e918ae4dcc947bcf7cdd0f2880a0e33735942fc352f591ca00bf0820009eb0a1bab1875753f686cb8c887773c1cf6", 0xfc}], 0x2) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.2' (ED25519) to the list of known hosts. [ 82.917609][ T5817] cgroup: Unknown subsys name 'net' [ 83.159159][ T5817] cgroup: Unknown subsys name 'cpuset' [ 83.214516][ T5817] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 85.126345][ T5817] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 89.107214][ T60] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 89.109371][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 89.133093][ T60] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 89.134234][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 89.143993][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 89.163174][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 89.173404][ T5841] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 89.175470][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 89.176746][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 89.202428][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 89.202749][ T5841] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 89.233022][ T5149] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 89.257121][ T5834] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 89.294432][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 89.301554][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 89.305109][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 89.355057][ T5149] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 89.355186][ T5149] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 89.356095][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 89.357659][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.111870][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 90.348066][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 90.359410][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 90.441564][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 90.524383][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.525250][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.525690][ T5830] bridge_slave_0: entered allmulticast mode [ 90.528300][ T5830] bridge_slave_0: entered promiscuous mode [ 90.600093][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.600318][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.600716][ T5830] bridge_slave_1: entered allmulticast mode [ 90.603091][ T5830] bridge_slave_1: entered promiscuous mode [ 90.765183][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.821312][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.821709][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.821930][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.822118][ T5829] bridge_slave_0: entered allmulticast mode [ 90.832384][ T5829] bridge_slave_0: entered promiscuous mode [ 90.875964][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.876206][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.876389][ T5831] bridge_slave_0: entered allmulticast mode [ 90.879037][ T5831] bridge_slave_0: entered promiscuous mode [ 90.921141][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.921353][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.921933][ T5829] bridge_slave_1: entered allmulticast mode [ 90.927731][ T5829] bridge_slave_1: entered promiscuous mode [ 90.975752][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.976066][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.976328][ T5831] bridge_slave_1: entered allmulticast mode [ 90.980460][ T5831] bridge_slave_1: entered promiscuous mode [ 91.085039][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.085254][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.085437][ T5832] bridge_slave_0: entered allmulticast mode [ 91.087865][ T5832] bridge_slave_0: entered promiscuous mode [ 91.133159][ T5830] team0: Port device team_slave_0 added [ 91.154034][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.154361][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.154638][ T5832] bridge_slave_1: entered allmulticast mode [ 91.157247][ T5832] bridge_slave_1: entered promiscuous mode [ 91.205019][ T5830] team0: Port device team_slave_1 added [ 91.209744][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.244941][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.282198][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.296582][ T60] Bluetooth: hci1: command tx timeout [ 91.318043][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.361767][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 91.378661][ T60] Bluetooth: hci0: command tx timeout [ 91.397753][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.397768][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.397795][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.454077][ T60] Bluetooth: hci3: command tx timeout [ 91.454173][ T60] Bluetooth: hci2: command tx timeout [ 91.482425][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 91.507830][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.507845][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.507869][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.520790][ T5829] team0: Port device team_slave_0 added [ 91.573709][ T5831] team0: Port device team_slave_0 added [ 91.590948][ T5829] team0: Port device team_slave_1 added [ 91.613087][ T5831] team0: Port device team_slave_1 added [ 91.642799][ T5832] team0: Port device team_slave_0 added [ 91.687215][ T5832] team0: Port device team_slave_1 added [ 91.730189][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.730200][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.730219][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.784533][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.784544][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.784562][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.828776][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.828821][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.828908][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.897171][ T10] cfg80211: failed to load regulatory.db [ 91.909768][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.909780][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.909800][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.941475][ T5830] hsr_slave_0: entered promiscuous mode [ 91.948233][ T5830] hsr_slave_1: entered promiscuous mode [ 91.984232][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.984246][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.984270][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 92.046510][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 92.046525][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 92.046552][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 92.564335][ T5829] hsr_slave_0: entered promiscuous mode [ 92.565954][ T5829] hsr_slave_1: entered promiscuous mode [ 92.567317][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 92.567398][ T5829] Cannot create hsr debugfs directory [ 92.607776][ T5831] hsr_slave_0: entered promiscuous mode [ 92.609400][ T5831] hsr_slave_1: entered promiscuous mode [ 92.610655][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 92.610680][ T5831] Cannot create hsr debugfs directory [ 92.674759][ T5832] hsr_slave_0: entered promiscuous mode [ 92.676144][ T5832] hsr_slave_1: entered promiscuous mode [ 92.677316][ T5832] debugfs: 'hsr0' already exists in 'hsr' [ 92.677338][ T5832] Cannot create hsr debugfs directory [ 93.374620][ T5842] Bluetooth: hci1: command tx timeout [ 93.455232][ T5842] Bluetooth: hci0: command tx timeout [ 93.475862][ T5830] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 93.526023][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.531850][ T5830] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 93.544054][ T5842] Bluetooth: hci2: command tx timeout [ 93.544084][ T5842] Bluetooth: hci3: command tx timeout [ 93.587160][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.592405][ T5830] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 93.613595][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.638145][ T5830] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 93.668262][ T5830] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 93.770574][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 93.799471][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 93.801888][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 93.831283][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 93.848649][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 93.890622][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.913585][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 93.959435][ T5831] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.071974][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.108377][ T5832] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.121562][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.150041][ T5832] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.156864][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.201091][ T5832] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.238126][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.267730][ T5832] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.397806][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.437769][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.452279][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.491066][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.518328][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.547789][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.562525][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.588392][ T5829] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.678013][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.776826][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.821295][ T3505] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.821752][ T3505] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.846055][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.880922][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.881165][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.961537][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.992409][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.013073][ T85] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.013242][ T85] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.065821][ T3505] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.066116][ T3505] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.131617][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.169926][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.196959][ T1472] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.197060][ T1472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.312383][ T1431] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.314950][ T1431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.411107][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.454852][ T60] Bluetooth: hci1: command tx timeout [ 95.545723][ T60] Bluetooth: hci0: command tx timeout [ 95.569981][ T1472] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.570104][ T1472] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.614117][ T60] Bluetooth: hci3: command tx timeout [ 95.614145][ T60] Bluetooth: hci2: command tx timeout [ 95.647409][ T1472] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.648067][ T1472] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.818166][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.027083][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.156905][ T5830] veth0_vlan: entered promiscuous mode [ 96.268540][ T5830] veth1_vlan: entered promiscuous mode [ 96.367665][ T5831] veth0_vlan: entered promiscuous mode [ 96.382027][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.446867][ T5831] veth1_vlan: entered promiscuous mode [ 96.486852][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.494570][ T5830] veth0_macvtap: entered promiscuous mode [ 96.538822][ T5830] veth1_macvtap: entered promiscuous mode [ 96.630068][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.631112][ T5831] veth0_macvtap: entered promiscuous mode [ 96.668456][ T5832] veth0_vlan: entered promiscuous mode [ 96.686172][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.687111][ T5831] veth1_macvtap: entered promiscuous mode [ 96.751335][ T1180] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.771116][ T5832] veth1_vlan: entered promiscuous mode [ 96.776085][ T1180] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.798533][ T1180] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.827569][ T1180] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.833207][ T5829] veth0_vlan: entered promiscuous mode [ 96.939381][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.031053][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.040115][ T5829] veth1_vlan: entered promiscuous mode [ 97.222086][ T3527] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.245962][ T3527] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.270807][ T3527] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.290454][ T3527] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.350831][ T5832] veth0_macvtap: entered promiscuous mode [ 97.472999][ T5832] veth1_macvtap: entered promiscuous mode [ 97.503269][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.503286][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.544844][ T5842] Bluetooth: hci1: command tx timeout [ 97.622622][ T5842] Bluetooth: hci0: command tx timeout [ 97.706003][ T5842] Bluetooth: hci2: command tx timeout [ 97.706031][ T5842] Bluetooth: hci3: command tx timeout [ 97.747166][ T5829] veth0_macvtap: entered promiscuous mode [ 97.798054][ T5829] veth1_macvtap: entered promiscuous mode [ 97.815744][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.817113][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.817129][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.932551][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.969330][ T3527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.969351][ T3527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.023586][ T3527] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.038391][ T3527] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.055262][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.056180][ T3527] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.085158][ T3527] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.147105][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.203147][ T3505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.203165][ T3505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.267973][ T1472] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.272473][ T1472] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.347010][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.347787][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.204853][ T5927] syz.1.2 uses obsolete (PF_INET,SOCK_PACKET) [ 99.335151][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 99.361965][ T3527] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.361983][ T3527] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.433501][ T5927] syzkaller1: entered allmulticast mode [ 99.510476][ T1180] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.510493][ T1180] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.544535][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 99.559754][ T9] usb 4-1: config 32 has an invalid interface number: 85 but max is 0 [ 99.559783][ T9] usb 4-1: config 32 has no interface number 0 [ 99.559817][ T9] usb 4-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 99.559836][ T9] usb 4-1: config 32 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 99.559853][ T9] usb 4-1: config 32 interface 85 has no altsetting 0 [ 99.562134][ T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 99.562161][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.562175][ T9] usb 4-1: Product: syz [ 99.562184][ T9] usb 4-1: Manufacturer: syz [ 99.562194][ T9] usb 4-1: SerialNumber: syz [ 99.835359][ T1180] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.835376][ T1180] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.019674][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.019695][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.168332][ T5931] sg_write: data in/out 418780/98 bytes for SCSI command 0x0-- guessing data in; [ 100.168332][ T5931] program syz.3.4 not setting count and/or reply_len properly [ 100.238741][ T9] appletouch 4-1:32.85: Failed to read mode from device. [ 100.238964][ T9] appletouch 4-1:32.85: probe with driver appletouch failed with error -5 [ 101.258760][ T9] usb 4-1: USB disconnect, device number 2 [ 101.502469][ T5947] 9pnet_virtio: no channels available for device syz [ 101.578300][ T5946] random: crng reseeded on system resumption [ 101.642613][ T5947] overlayfs: conflicting options: nfs_export=on,index=off [ 102.111880][ T5955] FAULT_INJECTION: forcing a failure. [ 102.111880][ T5955] name failslab, interval 1, probability 0, space 0, times 1 [ 102.111926][ T5955] CPU: 1 UID: 0 PID: 5955 Comm: syz.1.8 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 102.111944][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 102.111959][ T5955] Call Trace: [ 102.111966][ T5955] [ 102.111977][ T5955] dump_stack_lvl+0xe8/0x150 [ 102.112000][ T5955] should_fail_ex+0x46b/0x600 [ 102.112026][ T5955] should_failslab+0xa8/0x100 [ 102.112050][ T5955] kmem_cache_alloc_noprof+0x87/0x680 [ 102.112072][ T5955] ? alloc_empty_file+0x5b/0x1d0 [ 102.112092][ T5955] alloc_empty_file+0x5b/0x1d0 [ 102.112110][ T5955] path_openat+0x11b/0x38a0 [ 102.112132][ T5955] ? unwind_next_frame+0xa6/0x2550 [ 102.112156][ T5955] ? unwind_next_frame+0xa6/0x2550 [ 102.112177][ T5955] ? is_bpf_text_address+0x26/0x2b0 [ 102.112207][ T5955] ? __pfx_path_openat+0x10/0x10 [ 102.112228][ T5955] ? is_bpf_text_address+0x292/0x2b0 [ 102.112248][ T5955] ? is_bpf_text_address+0x26/0x2b0 [ 102.112270][ T5955] ? kernel_text_address+0xa5/0xe0 [ 102.112292][ T5955] ? __kernel_text_address+0xd/0x30 [ 102.112320][ T5955] ? do_raw_spin_lock+0x12b/0x2f0 [ 102.112344][ T5955] do_file_open+0x23e/0x4a0 [ 102.112365][ T5955] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 102.112385][ T5955] ? __pfx_do_file_open+0x10/0x10 [ 102.112427][ T5955] ? do_open_execat+0xad/0x590 [ 102.112452][ T5955] do_open_execat+0x12b/0x590 [ 102.112475][ T5955] ? __pfx_do_open_execat+0x10/0x10 [ 102.112505][ T5955] alloc_bprm+0x28/0x5c0 [ 102.112529][ T5955] do_execveat_common+0x175/0x690 [ 102.112554][ T5955] ? do_getname+0x151/0x250 [ 102.112572][ T5955] __x64_sys_execveat+0xc7/0xf0 [ 102.112597][ T5955] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.112614][ T5955] do_syscall_64+0x15f/0xf80 [ 102.112629][ T5955] ? trace_irq_disable+0x3b/0x140 [ 102.112646][ T5955] ? clear_bhb_loop+0x40/0x90 [ 102.112664][ T5955] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.112680][ T5955] RIP: 0033:0x7f943c85c819 [ 102.112705][ T5955] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 102.112718][ T5955] RSP: 002b:00007f943aa95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 102.112736][ T5955] RAX: ffffffffffffffda RBX: 00007f943cad6090 RCX: 00007f943c85c819 [ 102.112747][ T5955] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 102.112758][ T5955] RBP: 00007f943aa95090 R08: 0000000000001000 R09: 0000000000000000 [ 102.112769][ T5955] R10: 0000200000004780 R11: 0000000000000246 R12: 0000000000000001 [ 102.112778][ T5955] R13: 00007f943cad6128 R14: 00007f943cad6090 R15: 00007ffcb7c43e78 [ 102.112800][ T5955] [ 102.440804][ T5954] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 102.468980][ T5904] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 102.644187][ T5904] usb 1-1: Using ep0 maxpacket: 8 [ 102.671403][ T5904] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 102.671433][ T5904] usb 1-1: config 0 has no interface number 0 [ 102.671479][ T5904] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 102.671514][ T5904] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 102.671535][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.802117][ T5904] usb 1-1: config 0 descriptor?? [ 103.213066][ T5904] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 103.258399][ T5904] usb 1-1: USB disconnect, device number 2 [ 103.564080][ T10] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 103.707024][ T5905] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 103.746400][ T5971] binder_alloc: 5970: binder_alloc_buf size 65440 failed, no address space [ 103.746489][ T5971] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 103.747950][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 103.747982][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 103.748021][ T10] usb 3-1: New USB device found, idVendor=13ec, idProduct=0006, bcdDevice= 0.00 [ 103.748045][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.753718][ T5971] binder: 5970:5971 ioctl c0185879 200000000180 returned -22 [ 103.867695][ T10] usb 3-1: config 0 descriptor?? [ 103.880034][ T5905] usb 2-1: Using ep0 maxpacket: 8 [ 103.897432][ T5905] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 103.897456][ T5905] usb 2-1: config 0 has no interface number 0 [ 103.897493][ T5905] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 103.897514][ T5905] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 103.897538][ T5905] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 103.897562][ T5905] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 103.897600][ T5905] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 103.897621][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.021720][ T5905] usb 2-1: config 0 descriptor?? [ 104.154702][ T5905] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 104.567185][ T5962] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.591480][ T5962] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.646351][ T5832] ================================================================== [ 104.646364][ T5832] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0x40/0x60 [ 104.646389][ T5832] Read of size 1 at addr ffff88803efc0288 by task syz-executor/5832 [ 104.646403][ T5832] [ 104.646413][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 104.646433][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 104.646448][ T5832] Call Trace: [ 104.646455][ T5832] [ 104.646462][ T5832] dump_stack_lvl+0xe8/0x150 [ 104.646483][ T5832] print_address_description+0x55/0x1e0 [ 104.646503][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.646529][ T5832] print_report+0x58/0x70 [ 104.646549][ T5832] kasan_report+0x117/0x150 [ 104.646575][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.646598][ T5832] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 104.646628][ T5832] __kasan_check_byte+0x2a/0x40 [ 104.646658][ T5832] lock_acquire+0x84/0x350 [ 104.646685][ T5832] ? preempt_schedule_common+0x82/0xd0 [ 104.646707][ T5832] ? preempt_schedule_thunk+0x16/0x30 [ 104.646738][ T5832] ? rcu_is_watching+0x15/0xb0 [ 104.646771][ T5832] _raw_spin_lock_irqsave+0x40/0x60 [ 104.646793][ T5832] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 104.646842][ T5832] rt_mutex_slowunlock+0xbf/0x8b0 [ 104.646878][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.646911][ T5832] ? __rcu_read_unlock+0x83/0xe0 [ 104.646936][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.646970][ T5832] shrink_dentry_list+0x2e3/0x5e0 [ 104.647003][ T5832] shrink_dcache_tree+0xe9/0x5d0 [ 104.647035][ T5832] ? __pfx_select_collect+0x10/0x10 [ 104.647056][ T5832] ? __pfx_shrink_dcache_tree+0x10/0x10 [ 104.647087][ T5832] ? reacquire_held_locks+0x104/0x190 [ 104.647136][ T5832] ? rt_spin_lock+0x1e0/0x400 [ 104.647168][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.647201][ T5832] ? rt_spin_unlock+0x14f/0x200 [ 104.647236][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.647268][ T5832] d_invalidate+0xde/0x210 [ 104.647297][ T5832] ? __pfx_d_invalidate+0x10/0x10 [ 104.647328][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.647362][ T5832] proc_invalidate_siblings_dcache+0x3d3/0x6c0 [ 104.647395][ T5832] ? proc_invalidate_siblings_dcache+0x2b/0x6c0 [ 104.647425][ T5832] release_task+0x1207/0x16f0 [ 104.647457][ T5832] ? wait_consider_task+0x1966/0x2e30 [ 104.647489][ T5832] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 104.647523][ T5832] ? __pfx_release_task+0x10/0x10 [ 104.647547][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.647576][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.647602][ T5832] wait_consider_task+0x1966/0x2e30 [ 104.647639][ T5832] ? __do_wait+0x155/0x740 [ 104.647665][ T5832] ? __pfx_wait_consider_task+0x10/0x10 [ 104.647690][ T5832] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 104.647718][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.647745][ T5832] __do_wait+0x155/0x740 [ 104.647768][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.647794][ T5832] do_wait+0x1e7/0x510 [ 104.647818][ T5832] ? do_wait+0x17d/0x510 [ 104.647843][ T5832] kernel_wait4+0x232/0x2b0 [ 104.647867][ T5832] ? count_memcg_event_mm+0x21/0x260 [ 104.647892][ T5832] ? __pfx_kernel_wait4+0x10/0x10 [ 104.647919][ T5832] ? __pfx_child_wait_callback+0x10/0x10 [ 104.647945][ T5832] ? handle_mm_fault+0xed/0x14c0 [ 104.647981][ T5832] __x64_sys_wait4+0x166/0x240 [ 104.648014][ T5832] ? __pfx___x64_sys_wait4+0x10/0x10 [ 104.648055][ T5832] ? do_user_addr_fault+0xc6f/0x1340 [ 104.648083][ T5832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.648107][ T5832] do_syscall_64+0x15f/0xf80 [ 104.648130][ T5832] ? trace_irq_disable+0x3b/0x140 [ 104.648154][ T5832] ? clear_bhb_loop+0x40/0x90 [ 104.648180][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.648200][ T5832] RIP: 0033:0x7f5f819cd04e [ 104.648218][ T5832] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 104.648235][ T5832] RSP: 002b:00007ffe64529f68 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 104.648256][ T5832] RAX: ffffffffffffffda RBX: 0000555559523500 RCX: 00007f5f819cd04e [ 104.648271][ T5832] RDX: 0000000040000001 RSI: 00007ffe6452a00c RDI: ffffffffffffffff [ 104.648287][ T5832] RBP: 00007ffe6452a00c R08: 0000000000000000 R09: 0000000000000000 [ 104.648300][ T5832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 104.648311][ T5832] R13: 00000000000927c0 R14: 0000000000019687 R15: 00007ffe6452a060 [ 104.648346][ T5832] [ 104.648354][ T5832] [ 104.648359][ T5832] Allocated by task 5976: [ 104.648368][ T5832] kasan_save_track+0x3e/0x80 [ 104.648393][ T5832] __kasan_slab_alloc+0x6c/0x80 [ 104.648418][ T5832] kmem_cache_alloc_lru_noprof+0x33c/0x680 [ 104.648450][ T5832] __d_alloc+0x37/0x6f0 [ 104.648491][ T5832] d_alloc_parallel+0xe6/0x1610 [ 104.648525][ T5832] __lookup_slow+0x152/0x440 [ 104.648547][ T5832] lookup_slow+0x53/0x70 [ 104.648569][ T5832] link_path_walk+0x1273/0x18d0 [ 104.648591][ T5832] path_openat+0x2d5/0x38a0 [ 104.648615][ T5832] do_file_open+0x23e/0x4a0 [ 104.648637][ T5832] do_sys_openat2+0x113/0x200 [ 104.648656][ T5832] __x64_sys_openat+0x138/0x170 [ 104.648674][ T5832] do_syscall_64+0x15f/0xf80 [ 104.648690][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.648707][ T5832] [ 104.648711][ T5832] Freed by task 21: [ 104.648719][ T5832] kasan_save_track+0x3e/0x80 [ 104.648741][ T5832] kasan_save_free_info+0x46/0x50 [ 104.648759][ T5832] __kasan_slab_free+0x5c/0x80 [ 104.648781][ T5832] kmem_cache_free+0x187/0x6c0 [ 104.648808][ T5832] rcu_cpu_kthread+0x99e/0x1470 [ 104.648832][ T5832] smpboot_thread_fn+0x541/0xa50 [ 104.648850][ T5832] kthread+0x388/0x470 [ 104.648870][ T5832] ret_from_fork+0x514/0xb70 [ 104.648886][ T5832] ret_from_fork_asm+0x1a/0x30 [ 104.648908][ T5832] [ 104.648912][ T5832] Last potentially related work creation: [ 104.648918][ T5832] kasan_save_stack+0x3e/0x60 [ 104.648938][ T5832] kasan_record_aux_stack+0xbd/0xd0 [ 104.648954][ T5832] call_rcu+0xee/0x890 [ 104.648977][ T5832] __dentry_kill+0x4a9/0x690 [ 104.649006][ T5832] finish_dput+0xc9/0x480 [ 104.649023][ T5832] proc_invalidate_siblings_dcache+0x3db/0x6c0 [ 104.649046][ T5832] release_task+0x1207/0x16f0 [ 104.649067][ T5832] do_exit+0x1674/0x22c0 [ 104.649089][ T5832] do_group_exit+0x21b/0x2d0 [ 104.649112][ T5832] get_signal+0x1284/0x1330 [ 104.649127][ T5832] arch_do_signal_or_restart+0xbc/0x830 [ 104.649152][ T5832] exit_to_user_mode_loop+0x86/0x480 [ 104.649172][ T5832] do_syscall_64+0x33e/0xf80 [ 104.649188][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.649205][ T5832] [ 104.649209][ T5832] The buggy address belongs to the object at ffff88803efc01b8 [ 104.649209][ T5832] which belongs to the cache dentry of size 376 [ 104.649223][ T5832] The buggy address is located 208 bytes inside of [ 104.649223][ T5832] freed 376-byte region [ffff88803efc01b8, ffff88803efc0330) [ 104.649241][ T5832] [ 104.649246][ T5832] The buggy address belongs to the physical page: [ 104.649265][ T5832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3efc0 [ 104.649283][ T5832] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 104.649297][ T5832] memcg:ffff88803574c601 [ 104.649304][ T5832] flags: 0x80000000000040(head|node=0|zone=1) [ 104.649326][ T5832] page_type: f5(slab) [ 104.649342][ T5832] raw: 0080000000000040 ffff88801c2f4640 dead000000000100 dead000000000122 [ 104.649358][ T5832] raw: 0000000000000000 0000000800120012 00000000f5000000 ffff88803574c601 [ 104.649374][ T5832] head: 0080000000000040 ffff88801c2f4640 dead000000000100 dead000000000122 [ 104.649390][ T5832] head: 0000000000000000 0000000800120012 00000000f5000000 ffff88803574c601 [ 104.649405][ T5832] head: 0080000000000001 ffffffffffffff81 00000000ffffffff 00000000ffffffff [ 104.649419][ T5832] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000002 [ 104.649429][ T5832] page dumped because: kasan: bad access detected [ 104.649444][ T5832] page_owner tracks the page as allocated [ 104.649452][ T5832] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5208, tgid 5208 (udevd), ts 53842214369, free_ts 0 [ 104.649486][ T5832] post_alloc_hook+0x231/0x280 [ 104.649513][ T5832] get_page_from_freelist+0x27d6/0x2850 [ 104.649548][ T5832] __alloc_frozen_pages_noprof+0x18d/0x380 [ 104.649575][ T5832] allocate_slab+0x77/0x660 [ 104.649591][ T5832] refill_objects+0x33c/0x3d0 [ 104.649607][ T5832] __pcs_replace_empty_main+0x373/0x720 [ 104.649626][ T5832] kmem_cache_alloc_lru_noprof+0x433/0x680 [ 104.649651][ T5832] __d_alloc+0x37/0x6f0 [ 104.649673][ T5832] d_alloc_parallel+0xe6/0x1610 [ 104.649695][ T5832] __lookup_slow+0x152/0x440 [ 104.649716][ T5832] lookup_slow+0x53/0x70 [ 104.649735][ T5832] path_lookupat+0x3f5/0x8c0 [ 104.649753][ T5832] filename_lookup+0x256/0x5d0 [ 104.649770][ T5832] vfs_statx+0xfc/0x200 [ 104.649785][ T5832] vfs_fstatat+0x11b/0x170 [ 104.649800][ T5832] __x64_sys_newfstatat+0x151/0x200 [ 104.649818][ T5832] page_owner free stack trace missing [ 104.649824][ T5832] [ 104.649828][ T5832] Memory state around the buggy address: [ 104.649837][ T5832] ffff88803efc0180: fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb fb [ 104.649849][ T5832] ffff88803efc0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 104.649861][ T5832] >ffff88803efc0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 104.649870][ T5832] ^ [ 104.649879][ T5832] ffff88803efc0300: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fa fb [ 104.649890][ T5832] ffff88803efc0380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 104.649899][ T5832] ================================================================== [ 104.649916][ T5832] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 104.649931][ T5832] CPU: 0 UID: 0 PID: 5832 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 104.649951][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 104.649962][ T5832] Call Trace: [ 104.649970][ T5832] [ 104.649978][ T5832] vpanic+0x56c/0xa60 [ 104.650008][ T5832] ? __pfx_vpanic+0x10/0x10 [ 104.650038][ T5832] panic+0xc5/0xd0 [ 104.650060][ T5832] ? __pfx_panic+0x10/0x10 [ 104.650098][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.650116][ T5832] ? rcu_is_watching+0x15/0xb0 [ 104.650142][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.650160][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.650178][ T5832] check_panic_on_warn+0x89/0xb0 [ 104.650205][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.650224][ T5832] end_report+0x73/0x170 [ 104.650248][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.650264][ T5832] kasan_report+0x128/0x150 [ 104.650292][ T5832] ? _raw_spin_lock_irqsave+0x40/0x60 [ 104.650312][ T5832] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 104.650338][ T5832] __kasan_check_byte+0x2a/0x40 [ 104.650362][ T5832] lock_acquire+0x84/0x350 [ 104.650383][ T5832] ? preempt_schedule_common+0x82/0xd0 [ 104.650400][ T5832] ? preempt_schedule_thunk+0x16/0x30 [ 104.650425][ T5832] ? rcu_is_watching+0x15/0xb0 [ 104.650453][ T5832] _raw_spin_lock_irqsave+0x40/0x60 [ 104.650470][ T5832] ? rt_mutex_slowunlock+0xbf/0x8b0 [ 104.650495][ T5832] rt_mutex_slowunlock+0xbf/0x8b0 [ 104.650536][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.650565][ T5832] ? __rcu_read_unlock+0x83/0xe0 [ 104.650583][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.650607][ T5832] shrink_dentry_list+0x2e3/0x5e0 [ 104.650631][ T5832] shrink_dcache_tree+0xe9/0x5d0 [ 104.650655][ T5832] ? __pfx_select_collect+0x10/0x10 [ 104.650671][ T5832] ? __pfx_shrink_dcache_tree+0x10/0x10 [ 104.650695][ T5832] ? reacquire_held_locks+0x104/0x190 [ 104.650724][ T5832] ? rt_spin_lock+0x1e0/0x400 [ 104.650750][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.650775][ T5832] ? rt_spin_unlock+0x14f/0x200 [ 104.650800][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.650826][ T5832] d_invalidate+0xde/0x210 [ 104.650849][ T5832] ? __pfx_d_invalidate+0x10/0x10 [ 104.650874][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.650901][ T5832] proc_invalidate_siblings_dcache+0x3d3/0x6c0 [ 104.650929][ T5832] ? proc_invalidate_siblings_dcache+0x2b/0x6c0 [ 104.650956][ T5832] release_task+0x1207/0x16f0 [ 104.650981][ T5832] ? wait_consider_task+0x1966/0x2e30 [ 104.651008][ T5832] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 104.651042][ T5832] ? __pfx_release_task+0x10/0x10 [ 104.651063][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.651089][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.651115][ T5832] wait_consider_task+0x1966/0x2e30 [ 104.651146][ T5832] ? __do_wait+0x155/0x740 [ 104.651168][ T5832] ? __pfx_wait_consider_task+0x10/0x10 [ 104.651193][ T5832] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 104.651220][ T5832] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 104.651244][ T5832] __do_wait+0x155/0x740 [ 104.651266][ T5832] ? rt_spin_unlock+0x160/0x200 [ 104.651292][ T5832] do_wait+0x1e7/0x510 [ 104.651313][ T5832] ? do_wait+0x17d/0x510 [ 104.651336][ T5832] kernel_wait4+0x232/0x2b0 [ 104.651357][ T5832] ? count_memcg_event_mm+0x21/0x260 [ 104.651379][ T5832] ? __pfx_kernel_wait4+0x10/0x10 [ 104.651402][ T5832] ? __pfx_child_wait_callback+0x10/0x10 [ 104.651427][ T5832] ? handle_mm_fault+0xed/0x14c0 [ 104.651452][ T5832] __x64_sys_wait4+0x166/0x240 [ 104.651477][ T5832] ? __pfx___x64_sys_wait4+0x10/0x10 [ 104.651506][ T5832] ? do_user_addr_fault+0xc6f/0x1340 [ 104.651538][ T5832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.651557][ T5832] do_syscall_64+0x15f/0xf80 [ 104.651572][ T5832] ? trace_irq_disable+0x3b/0x140 [ 104.651590][ T5832] ? clear_bhb_loop+0x40/0x90 [ 104.651608][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.651623][ T5832] RIP: 0033:0x7f5f819cd04e [ 104.651637][ T5832] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 104.651652][ T5832] RSP: 002b:00007ffe64529f68 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 104.651669][ T5832] RAX: ffffffffffffffda RBX: 0000555559523500 RCX: 00007f5f819cd04e [ 104.651682][ T5832] RDX: 0000000040000001 RSI: 00007ffe6452a00c RDI: ffffffffffffffff [ 104.651694][ T5832] RBP: 00007ffe6452a00c R08: 0000000000000000 R09: 0000000000000000 [ 104.651704][ T5832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 104.651714][ T5832] R13: 00000000000927c0 R14: 0000000000019687 R15: 00007ffe6452a060 [ 104.651731][ T5832] [ 104.652792][ T5832] Kernel Offset: disabled