last executing test programs: 21.961763538s ago: executing program 1 (id=1182): r0 = socket(0x1d, 0x2, 0x6) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}}, 0x1c) (async) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x180000, @empty}, 0x1c) (async) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x84, &(0x7f0000000140)={r3, @in={{0x2, 0x0, @empty}}}, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000180)={r3, 0x1, 0x2, 0xe42, 0x401, 0x7}, 0x14) (async, rerun: 32) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000280)={r3, 0x200}, 0x8) (async, rerun: 32) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48) ioctl$FIDEDUPERANGE(r4, 0xc0189436, &(0x7f00000000c0)={0x5, 0x7ff, 0x4, 0x0, 0x0, [{{r4}, 0x2}, {{r4}, 0x7fffffff}, {{r4}, 0x8}, {{r0}, 0x401}]}) (async, rerun: 32) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000020ac050f02220001828301090224000101000000090400000203010200092100050001220000090581"], 0x0) (rerun: 32) r5 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c) (async, rerun: 32) listen(r5, 0x200007) (async, rerun: 32) r6 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e20, @loopback}, 0x10) (async, rerun: 32) getsockopt$inet_int(r6, 0x10d, 0x9a, &(0x7f0000000080), &(0x7f0000000000)=0x4) (async, rerun: 32) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000240)='westwood\x00', 0x9) (async, rerun: 32) getsockopt$inet6_tcp_buf(r7, 0x6, 0x1a, 0x0, &(0x7f0000000380)) (async, rerun: 32) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0) (async) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000200)) 20.398889892s ago: executing program 1 (id=1183): socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f00000000c0), 0x4) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x20000000) 19.965808094s ago: executing program 1 (id=1185): getpid() recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd2(0x5, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000040)="eebd73c460f8a4a8", 0x8}, {&(0x7f0000000100)="dda1", 0x2}], 0x2) 19.605271229s ago: executing program 1 (id=1186): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x371802, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x13, &(0x7f0000000000)=0x1, 0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'wp384-generic\x00'}, 0x47) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001800200000000000000000001d010000"], 0x14}}, 0xc004) write(r3, 0x0, 0x0) dup(r0) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) socket$packet(0x11, 0x0, 0x300) setxattr$incfs_metadata(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0) 18.611450749s ago: executing program 1 (id=1188): r0 = socket(0x21, 0x5, 0x8) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000000)) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)='%-5lx \x00'}, 0x20) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x129203, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000340)={&(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x80000, 0x0, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x2}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x17, 0xe, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc8c4, 0x0, 0x0, 0x0, 0x2}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @jmp={0x5, 0x0, 0x0, 0x7, 0x8, 0xffffffffffffffc0, 0x8}, @printk={@lld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xd0a7}}]}, &(0x7f00000000c0)='syzkaller\x00', 0xffffff79, 0xa8, &(0x7f0000000100)=""/168, 0x41100, 0x5c, '\x00', 0x0, 0x2c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x2, 0x9, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x2, &(0x7f0000000400)=[r1, r2, r3, r4], &(0x7f0000000440)=[{0x0, 0x2, 0x6, 0x9}, {0x0, 0x5, 0x7, 0x2}], 0x10, 0x5}, 0x90) sendmmsg$inet6(r2, &(0x7f0000002300)=[{{&(0x7f0000000540)={0xa, 0x4e23, 0x672f, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x4}, 0x1c, &(0x7f0000001580)=[{&(0x7f0000000580)="8d179c94e22f16f3e1cf9be9b288505407a124be26d17004bc81d82275f478977a92979e3737b52f15f8a9f597dae1b58bf68b7bfbfd98cd300c0022b34b04be3eb0cf72640149cacfe6fdad9477c07d36b04549ec0b952ee2482de03d5adc3aa5d6aeb612cc5d06752ec07570e0f306aadb32a3abb7ac659c86ccadb53f4c2eaaaae6c031e971fccc1cb805a76089b3fdbc45a3826a78d6c6e97dc3c69765b31b9adfd9c39d0baf2221a40035bc94367567e7592f6d85e48f9f5b42e279473e52383d486976f6bac92e7f21283454bd6026649d28a475ec842fc7b1b6562dbc11bc5e6370e6cd450ba5faba0f7045f98128247a895c940b80dc2ce1462a72fd475d5104295c9af771180d27ee7c8a7484380805f799782f9f2c86f70fdaabfd420c2ebcf741dc184325396f596def734d42647710214ea2670758c6c6f6ed32e486226b1600ee195608017ec7899b452e243c12e4096a7d788802d80d4ab6bc6ed2a846be2db2c7ebca92a0caccd888e4999a7951d185830a701a51f64d27d59dac9591723d1b652ac8ca8a9d7c05284463e218ca9b699149df93a75c567db4c7b2e485666a8cde9e39ba165b1f9888c1d216e2a08bc107568353759eafd17ce9acc0002253a8d9b23663b153db3358df9c2dceb445b6a5861ab7e73a9a2c00628d23908a6f77dd4545a412b8c83becde62329f8bcd32a12d44537aece5b734beb79c03ee86e7497c1fe28f415cd4b173d68704aa2e686ca8060ae07fa623c10cad5e5691ffc0f083542103ab341665cfcdf7983bae483b846490015402057812b86d9e08cb6ccc1bb449d0ffdcfb617dc3edae8c5b18396e772df56c92f2295dcab91e41fafd4c4d1471b5605d9fbe5d9291ce172f316f48c4ed08944263521a7c37d2b107019b7bb366b12bd703b3cb2828918f0a0b4b722bea7dd6a23b44d813d6471a14653977468d271e1cd3b3650cfcd091fc986f26cc19f770385a3e5e6f8928aefe91363516f8c45692b57c571b506cb7ceb9455f7fe319f19f09dd02c55c5fb8264282c23f205e48c44d29bda830a5fb03453ec7c3086ba91e7c5686be3cf53d967d55c3d2448936811c2d9ca610cc70736b76e9d861c508889a26e9b01ef17ba0e8319a28273215d46384e7714a86fb07eb441f4a05d75ad9f028222d30677f08f353e17f1fa07299fc87a03632f6fa9cd6eda947958ffb72d942becfc7160b27528a527b9e1c71f606766265d0b0b7ba299c78d40b80900b5be1ca8b4f8810f44775958233477684b6b0957ff448f400a969a2d47a2ca8180ae739ee933f917e24625474a9b20671e869681525bb508591dec17a1f9a72d5d842860d52bafd43c3843ab96ce3c448c13fd8f8e9daf934819ba75067ee117d685328edadc3aad334e30d29098195f6c84d41e5de27fa21b78b6255e67cb5c57915dca12e971088e1e37882d9648b42a63e299ca0dd80fe9dd3d81647e33908fd06d95da6331f194c1ead4d89b5a03ce179c3177fd33731466f4c520f62cd41d4c5110a01d5f672e53189c45cbea095c6cf8b54cdbc35b1aa219735f90c8529cebb3e3d39217de1e6530c8cd7d7ebcf234d1845d471447493fb905c5b1dc294b71323c0bc61b077abacf199d7b7b4a6712aaec1248a37592fccda268387497cfcc968021dfd1460cdc41deca47908a37a88aa269d209aaab892d982691544f99a4534213367b54dd1dff333307ff8119335d417dc6ae92fb30c4928c20126279bdbbb10cb9be1fbcffd4e0d0193c61431337b507e3dceb61fa70ef8a7e023d03ba161182cf83c605b2fd2ef7d05988878de22d971bf94a9f808af917a499de58105aeb3c54fdb1235d3ead0db9e76ef8555212ac95e02d95eac9d90667a55a919e33e207637fa79b408ae6cb157261b6b926d42b0fdd83bb1adf4923006dd1cec4c8dc74a0a52b3076ef3dcbf308da2566a614f0aaa94e958cf2b6e51df5f85f60dfe37374f122da62d23b88f70f126189f846e47b7699cbbcbf7f6713191a5cf9457df29a3932bac114cfac6f62146039d009bf81899ea4e760cb37b9febe2e63858713da948ec350a0e789eda0c4b6ffdab04d2ea22dfea4ab3ffb4c08b53f25dc123a0ec5e31a4488e7c6f3885ddd8315bb058bf9b8a6472d1c83aa9acd1fc6a220f8f10bbf218731cb8aaae510c3aa3b687d37d7dcd3e1daaf18aefda71cbffeb74946f03572d32c11c753e925e2459fe988dbf835daddd2352bfed1cde42ad42cfed743137bc6bd5a712fb711df75bc91c487159b104165e95e8661da03048339bdac186ba1e292fcef6bb48835a16e92da4ca09f087df853bc0f8398ba830c808822ac4e107051db524f11b40feb9247e0b6e80589cf280331a5db2c6ec2aa986443d2a4ecd458f54b511c757755ae8249b5e553e4c444646064c1fef0141da3abc76fa7f3e5a02e38a666f0f30fe7e2ce3821edbe8c5676995616fc35e93be68668261cd8cdbe48ab66967fd7da11fe6aed8458efe7e6e1204b9b482a6413379ad6d20694f815e7642434d265aa691c0302abb7385f2f585ceeea7ec516fc5e9ef89ca4eac3250da7182016ea79f16c8df7e9fb664775a841d9c652e3ae069c9336fba535bfceb25e586024d12befec00cbb2a50decb637c8735ccacbe5973f61484d1b4e1d706dc9a81ef957e5221a55b6e6a7ec2cebba91894a1ca8909c9af7c80dc3ec471b060d936e8bee0ca5b91668403228da496832f799b35243dd99bb505e735614a5e318b41781e595a6d5a841d79dcfbc2d7bf5a922eb4a30221322fee115cac3f21057694ee765a6290e5e4515f524f69c954c3e9ec651c2e36b57bf5afc4090c7ef6da87878763e3010520cf1e1d9883d255bc470e3791d580488a4203f29f4b78350825ffb81fa7dc2c9147576edf5c34da162e25335eb218cf697817f07d936a9360da3a16e9fd7398d31268b4986031059bfdd6f3cb68c3b7b43db043fff3f3c9bda37a3e5f9590c289cffa1ec62cc525cf9157feb734ce8ed1c8ae43c4fb830e2bd842065075e14773915210d28bc991cb75f2ba956ac7b5155ec698b084ea31e7aaf3c62387a1576e00de8a1ce7c3704df5142a6c239a480698bcc08e634ba87fa1979291ee59210c0fb7ec4cbfdf4797a8e1a9668cf6471b0ad798062a90ce7ba31689cb8d30c6fd38df983c317be1feb01f96a6226b130fa83366576d1eee45de2aeb1e41ac4123fc4e4bb6893f99538d4e73b20d6945434a1dec6228d78766849f83917af91ca6df814f36e6917f81281500f9fae199a28bc795c9e23fbe41853d5532dcdefc518754ffb5e4fd00f4cf9d99aaa765da1b34e0f5907debe76e03fa5395eb4e728ff9cbaec26d05f8837126217f930f3e2fa93849a025a307681cb7b2a549f4feb88c3b3335b98052fdd2c59475165ed0d03de0fe4222663a14cde3995aab32a734b4152a0f0b0908ce4dd92da68c51d4c729543986070da9f6504226e96ae3a60430e99b8bf2e0d2de4c4e56eb05e46ea6dec498c3529b7ac8863e60fc883251b586889a66c1d3a8621d6d9f92953cad47da76a309ec925417e66fff6102b4d29812cbc10beef04e68e0144f28f8dc62470b31af9614bacadaccaba7ce1f67ed62bd2719af39e8321a95384386b3ad280ab83c2d8f57ec07136f9e6f638adfc5ea02dd16ff923603a82dea598468925af2004b5e0b34dbd7887c57017cabad85aa3a51797963d2a72f7c3a8b291533d8b492eb6bfa3ba30e1e822a46c85bbfa085871718a5d4ffb9358e501664be185e77cf7cb9c6a04ce12c37e9af91e9af31e339f2795f74270137eac1af021d63e6e4e4f8141d03d5c6ac488b38c3374fdaa4c1481b664b2cdc3a4e4efa5bb7f9b56fb373ad960f000bab20539ecbcd4c5700f8ee96248ce467efbb41d3cac43e47af7c1e391f51f3bb5355e3902733ecaaae2564928bcd5ce0492c11db22fb4bba6a54d25924569670efff73a53d821ae871fef87d6f765b5272bc761234c46683f73a552d43400764d5311e03d0b779aa60e950795f0a39eab832064591ce9eef6e1e6935831e807ce1d318099a30aab657404c02e84bcd2f65d6f00a0ee6f1f1d0c726b4a150eb392ccf00cb062231dab835e222518bba243633822340a9f5622c4c1de0fae593413f73e482f343ba6ae6cbcf329ec3a041b1cad09356f7c4ca66c32e83f64a5b9604323e569a518ff3e0b093ba8223fb5837d26a0accd2767e83dc0ae8400a5395f9f200f4434fb6b141aae6a9661761fdde71b4c9b52a9d1d95e1f731b98ac7f834d3549b7ffd6b72fbc5a62d442859c1092c83891d7808b3d4025feb9a987753308b52fa4606a250ea54ef5e4c052975bc3e565faa22f0c0c73597bcd00bf024d9b01d729b67151c0980d5bcee17e96a8143d1b0980c64c185d78c5a65f25f50d12732684746a036023adf7424746ce85df62341017793f2c188f0e216a315a8fb107ebe2975d354aef7e1d6ed8a8305ce6412877eb34b3c92f563727a3d93cd94d5a3e6ae206fe0640a631c7331e83c6e29cc68eb859eac6b322adb66799b28bd09cb4d3f047d6e04b83ca8e6c9f28b123ebe676bce2a4486cc1b8df6253119db611832668b73fb069bf4b0bd40c38923490965b25cae2d81bd64ad49b3f88d35c72046b2645c8156885b56a5e08bffe3f68257b9e2e45057f4d9c4301aee0509946546c16c53ac741c1ec637c675b1a17e86adb23fbb11035e01866e4d10d5960fdc222cf779f1b8b6cbbb49b473e0df1a84e836daaec59827b9f40de1d33cbf64d4f8e385b713e6e96a1828c2d2a87ce202556393000a8bd59403cbbbe45ce8d09c60c31c6004f0ba065f5872f588647123b38290f9cb8f04242416f4ee5936ec68e33ff85eac25e36ec37db3284b009a1b34b44c0fdefecd40e73bf4aeca0f87336799963cf5ecb734122633a800ffad13d93330f64e362b6cddf8d1021e5a130ac48a9da8e27a68ef6d18b049684d5d8559dc5cee9f47237bef96508202fc07ccfda86dc794f950ef0271e9f4aa57065b773e762fc344850b51a001779031214c1ca849d5c400eaae5ce82c7226d8739f311937ebd6887f045fd08a5c6fa4a273c9fd68f0fdbcea08689dd04bee474bd8924cca140fd2b0e7844610ada8b334b603e5a24daa8a3f55fe1c67a2dc6943eef171eb398b1646d504b19f160234cfdd485c05e3eb5f7a33e008f530a19a3e2f4683b4dc27398876d76a4997cf3982e4bf1a97ac024c64c0133c005f6f9c079d01f0a4bae383b23ed4b5dc04f9723302637a54831218dd42645ba7dc0bc133c935de2c88fe7edc9a4ab53bdba4117d6c3d4e0785a54517015a687cd7d0836d9b8977d5d93bd8dddb69aaab7edd3ef04334794c3c53a9ab40ef217f8cf12cc96fb882471932c6232b567c0d12b2b422539a7bbbe5347c802df21b938d8acff089b7ebd28d5b911c77a58119454d88f0a606bd8c32f1717d30c1a094147fb9ae072526ab9672bb2097511c965e80b667918bf7a84b6b972d068d65d110909e358c6fe5c9f2a49e640386180a6dac71cf89af5ec498aea8340c0ccb2651b881ba7c90881817e64a6001a22d19cbc6b077615c3efca695dd0543bf8bde2977e9bd6a1a99c95d452a0558cdf50f3c1ed470008087a7b7a1cdedca6696878580dc758866f67b5f0ee7ace10d1f4004c5dc5d948d513f3079b8843cf2bdaac340153531eecd47d314a96a3c184f56d50dbdec50da82d682fe1e46a1591dd2f67f785924f88089", 0x1000}], 0x1}}, {{&(0x7f00000015c0)={0xa, 0x4e21, 0x9, @remote, 0x67f}, 0x1c, &(0x7f0000001800)=[{&(0x7f0000001600)="c7fc87cb71091b5fe95e26c31db1e89dd9b4135493b507c480899056cb8292ab0e498362ac2b7a14ed6dc7122297108785abb092ed4090c2ab23093a1040b68711decf02266c8ff1a37fa78fdc6241b2ea5234b8bb8ef28e4dc0ebb28b314520", 0x60}, {&(0x7f0000001680)="e6499b212eac93dd972795f65af4847af87915d3d052c99e72780812118809ad26530b7846c5898ad03986dcaca0c050bde674e8847f04753597eca662c262716cc033cde7a2f27b06ad8aba4fbabde46cd966be891b8dea0250e19e040ca417412e666a012e5ba73b5579fcc2f9f44c867a4a1f79697e7818aec671155aed407e3cb905b15d1b563621cc69b27bbc9f4c049c4219634dee23c0da0bcf42950f35d7bd", 0xa3}, {&(0x7f0000001740)="45eb8d64c91f8fcc054a8e50164f326143c6a29bee355539622ce92dcf8ee5a0ea343bd4a9c082ef42c3cf9fffd42655dc8e469f13c3d9f73e2ef7ac2006b3ee019f164dc3f4d9daac5a8be75ae80f1f959b3b1c6631313ca13d0746171f0f06f24105f8d9b936c717bf2f193a0c9e5e6e3371aba64ea4621aab268febd0f468a3e534d0", 0x84}], 0x3, &(0x7f0000001840)=[@dontfrag={{0x14, 0x29, 0x3e, 0x80000001}}, @rthdrdstopts={{0xa8, 0x29, 0x37, {0x3b, 0x11, '\x00', [@jumbo={0xc2, 0x4, 0x8}, @pad1, @enc_lim={0x4, 0x1, 0x80}, @generic={0x3, 0x71, "c036046fdb02f4aebda257650c75cc4a46fc83c0b01f8abdba03cd1692166568e213e7c4437045eee78564cc63b92d148d16e3bf7425d137738855cc9ae216db75e836dd87f37cc3b2debba1a9de3ae2b31bac1283effa716d2f2785b66864cfe64e6650753f2076039550a4de55c0bbd2"}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @hopopts_2292={{0x28, 0x29, 0x36, {0x2c, 0x1, '\x00', [@enc_lim={0x4, 0x1, 0xc}, @padn={0x1, 0x1, [0x0]}, @jumbo={0xc2, 0x4, 0x800}]}}}], 0xe8}}, {{0x0, 0x0, &(0x7f0000001b80)=[{&(0x7f0000001940)="c34df9da20beb8d0c05e913c8c240a008ded34b30a01e9408ac4245e23bcd56177cc9502b9d16d4559b8ed05040ae650f6d0bd4edba09896480d888b85c7804a7a6b5a944ffa0c26805508bb2ed44f13ad99661fae7b1771def6758780d057731527c201b04626f4e1ccbe227d0e636dc861a8a119610c74b8a8b1e8656f778e580ad1259d8896d145e4384ebf00f94742bf12579003e82830330cdf281a20138f351f600a08facfbe210b4178037a7dd1738acb44f32a476d0b75fc2f5c448848351c04c429e5f8ca5f6975f1639c1f4e8c826a9b9e7ce473bd11c68ac20c7b1114b5d052a49a", 0xe7}, {&(0x7f0000001a40)="0f4d67d8490c414ddd81df2a38e79240e2e9be070fe79220bc71de4bf0dd2f28d49b069dd64734c7e93cf3840ca7f380389c0cceb91a3564aaee978e46d4cdef8d44edf0c120f0c8e3e4351b1434e8f4a7225b3d6d123a24", 0x58}, {&(0x7f0000001ac0)="7c8acdd11db6480d74094419196a2fbaa4d79b6d2069cc9525137e0b5ab96dd29d7db7882bb96a605b7cb2fefc81ab11cfdbc1", 0x33}, {&(0x7f0000001b00)="ef54b9b0a1740e79c8b01f544e7ab0826a1e2c8636be7245dec4fcf7ca43f08b86f2221ba56dd1aae24bf9a6cd5d012dcb59", 0x32}, {&(0x7f0000001b40)="6901f4c207575be92b9eeb3052b013209781fe9e18ccf947c70f4fd3721acd05", 0x20}], 0x5}}, {{&(0x7f0000001c00)={0xa, 0x4e22, 0x0, @mcast1, 0x6}, 0x1c, &(0x7f0000001cc0)=[{&(0x7f0000001c40)="d4a3dcef2bef8ef8d8f9409892824d1724730794edd723250c51a7b061ab70e80d7dcbd5e285cfc9fd43655a0fa2bcebca7d7941808a63e1d96d2beef579d61b06", 0x41}], 0x1, &(0x7f0000001d00)=[@hoplimit={{0x14, 0x29, 0x34, 0x5}}, @rthdrdstopts={{0x60, 0x29, 0x37, {0xa, 0x8, '\x00', [@ra={0x5, 0x2, 0x4}, @calipso={0x7, 0x20, {0x1, 0x6, 0x7f, 0x8, [0x10000, 0x3, 0x1000]}}, @jumbo={0xc2, 0x4, 0x1}, @generic={0xf, 0x7, "7bad89dd2735bd"}, @jumbo={0xc2, 0x4, 0xafdc}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @rthdr_2292={{0x68, 0x29, 0x39, {0xc, 0xa, 0x1, 0x68, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @private2={0xfc, 0x2, '\x00', 0x1}, @mcast1, @dev={0xfe, 0x80, '\x00', 0x28}]}}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x2b, 0x2, 0x1, 0x0, 0x0, [@private1={0xfc, 0x1, '\x00', 0x1}]}}}, @flowinfo={{0x14}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x1d, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0xd8}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x11}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x2e, 0x0, '\x00', [@ra={0x5, 0x2, 0x4}]}}}, @rthdrdstopts={{0x88, 0x29, 0x37, {0x62, 0xd, '\x00', [@pad1, @generic={0xbf, 0x45, "d1f8ceb6e5e53cd9105d2bbbebcdc26d4b53d9012561bce01660ce16e54b750ba7d36937e8e290b211ebaeb41e6c08c4c87fb8a27a6cfb44e3bbede190d40dcdd68b28e733"}, @pad1, @jumbo={0xc2, 0x4, 0x2}, @padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x2}, @calipso={0x7, 0x10, {0x0, 0x2, 0xfd, 0x0, [0x867]}}]}}}], 0x200}}, {{&(0x7f0000001f00)={0xa, 0x4e21, 0x1ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x30}}, 0x1}, 0x1c, &(0x7f0000002100)=[{&(0x7f0000001f40)="cc127c90d1f21787ba124a497c3be3901b0c49c13ab06c8f98891941de6ec04022f842c3f6db1af3b07d3de80919633d40c9d71474e4f07b3ce8d91523ef5792eafb07d3", 0x44}, {&(0x7f0000001fc0)="bb6271e316e0c9216898556e383e7867ce0f135962a6928973c24c1075d7dc40ac8c98c07ac7ec1d6cbb1970613a5d2493ef8f89ab4e8aa2a940494c091d3e18c0de05b85757a7151c7860e3d47b45eeeefbc59b4b7a8df87ca16318d69b67debbaa0b8bbe7fdd007aa78d18ada0564bcccfc7", 0x73}, {&(0x7f0000002040)="32bbde12eee17cbe2f82fb11f4b015313dd9b8ae70157d8be8b25490852619baf7c360726ee97bd60474f2841e22a0d8614923f6bb365c5b5800fcc98b748c25797d0800eb0417d8ec38045ec6768460c6b962ea1da09c4a4784ec8b2cebadffd90875a30f973735af48668df47e09e1040e2c8030bcb180d3e396a13a5b641ec60de1d1400454948a196a983f1fd44f", 0x90}], 0x3, &(0x7f0000002140)=[@hopopts={{0x188, 0x29, 0x36, {0x2c, 0x2d, '\x00', [@enc_lim, @calipso={0x7, 0x20, {0x1, 0x6, 0x8, 0x1, [0xf4e0, 0xa, 0xe]}}, @generic={0x9c, 0xb0, "f8c8626c6725e963614b2e5ef00839d6bafb4201cd25abeca26471066476c06b491130807e99abcb414e48eaf349b0cc0749bb8298252801701ae708a7ee25286465f5a3f2068c033f264db6fe38e0f6318a258e6994a47b3382c8dec1b379f141062f1bc5da46bee3f523a96dabda66aed4b1c410fe4263c3fb24db10a2773587b970e1675f99d5f8d1ee63152038a822d0d849ab2c34024e79ace2ed3f952ba562e7fd6a9df1f3f7a6315018609828"}, @calipso={0x7, 0x10, {0x3, 0x2, 0xff, 0x8, [0x4]}}, @jumbo={0xc2, 0x4, 0xa6c}, @generic={0x6, 0x72, "63db40d722623574aae208e8f55199e7e5d0ca6124f776ef881033fcac23661c7dc18a779b4bf4351282bcfd50768f43712f70d3335d7f01d6c256c51bb8b9ff5121f037989fa11a537a1ced9bc46469667a1a24e0ddd8d573891aceefa3baf440e6bc40182b89977fe27147cf35d9ee543f"}, @pad1, @padn={0x1, 0x1, [0x0]}]}}}], 0x188}}], 0x5, 0x880) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000002700)={&(0x7f0000002440), &(0x7f0000002480)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000002680)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000026c0)=[0x0, 0x0, 0x0], 0x7, 0x5}) syz_io_uring_setup(0x196d, &(0x7f0000002780)={0x0, 0x17b3, 0x2, 0x1, 0x114, 0x0, r3}, &(0x7f0000002800), &(0x7f0000002840)) r6 = openat$capi20(0xffffffffffffff9c, &(0x7f0000002880), 0x60800, 0x0) ioctl$CAPI_GET_SERIAL(r6, 0xc0044308, &(0x7f00000028c0)) r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000002900), 0x4a0082, 0x0) r8 = syz_open_dev$usbmon(&(0x7f0000002940), 0x0, 0x4000) poll(&(0x7f0000002980)=[{r6, 0x20}, {r7, 0x40}, {r2}, {0xffffffffffffffff, 0x40}, {r2, 0x424}, {r8, 0x11}, {r0, 0x4048}, {r2, 0x431a}], 0x8, 0x9) r9 = syz_usb_connect$printer(0x1, 0x36, &(0x7f00000029c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xe7, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x6, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x7, 0x1, 0x2, 0xe3, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x7, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0xe, 0x3, 0x3f}}]}}}]}}]}}, &(0x7f0000002d80)={0xa, &(0x7f0000002a00)={0xa, 0x6, 0x201, 0x5, 0x6, 0x5, 0xff, 0x4}, 0x19, &(0x7f0000002a40)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x7f, "da74f8b5668a59a531566f232b02f4d9"}]}, 0x7, [{0x4, &(0x7f0000002a80)=@lang_id={0x4, 0x3, 0x445}}, {0x4, &(0x7f0000002ac0)=@lang_id={0x4, 0x3, 0x40d}}, {0x39, &(0x7f0000002b00)=@string={0x39, 0x3, "0319d76ef8e632707231e9a86f0d912ff01fa8df26ce49c3dcd6a9e9cca19459f5f366db71f378c9998a9fb7a7f6b2ca283252a8ff7298"}}, {0x86, &(0x7f0000002b40)=@string={0x86, 0x3, "2e872c8fe4bb9f9f17001ca6ec040891dc7bdd82ba360811822489eb0705e3dbe7d96bcfa51f8e5a3b2d267f95ff83df8bc5adc3569b1386c402306e2c94dd3009812a5a412c386d875cc9f6c69fb35874eb2506babc788479909d6419bf0e84536d4e7fe2e74a61c07edfa856e83cd5ec726fdc8a48421602dbedbbb8da298b1d306d11"}}, {0x4, &(0x7f0000002c00)=@lang_id={0x4, 0x3, 0x1407}}, {0x4, &(0x7f0000002c40)=@lang_id={0x4, 0x3, 0x449}}, {0xf7, &(0x7f0000002c80)=@string={0xf7, 0x3, "8ad6ac3b0b0104fac072d8c9fc2ec27bcfb4d25db21734dae193ffabacf8122296c1b7de4b656960b7fd5e9982aed4ff6109b3266c852ac2036295a59967eceef4ad8fc9742f89a2be4ef0e75dcb008b9a22da7e73e241518723ce534dae9bdcff4487e81ede6b40d222b997f87ace0e77697dc8ac6e45332b8df366f517645756a0654bfa27b215120fd6ffeb20d952f214a211f43ea73448c3a75d74938fe06efc59a57fe529d21ae734c12d10074deb1c01685d56b744b00ed87be0f415c9300b0a8c049f2783d1c163c0fe806143b5c3c298eec40107323cd118684ea199e132625a2ef037904b276079fbec45f234e357a9ce"}}]}) syz_usb_control_io(r9, &(0x7f00000030c0)={0x2c, &(0x7f0000002e00)={0x20, 0x21, 0xd, {0xd, 0x8, "a8c286bf6d149fb05e0c1b"}}, &(0x7f0000002e40)={0x0, 0x3, 0x5d, @string={0x5d, 0x3, "b2131022360781beee4f04fdd980e67703d06b9857d263238f5233a6f1d64be4566febe44c39f853afd15282c36d41d1ad4fa66c82afc3d2eaf7643d1b18278eaf3169fe37a0d53eb60102d49531d2e6b2e74baec78ea18e74c584"}}, &(0x7f0000002ec0)={0x0, 0xf, 0x15b, {0x5, 0xf, 0x15b, 0x6, [@ssp_cap={0x24, 0x10, 0xa, 0x7f, 0x6, 0x20, 0xf0f, 0xf, [0xc000, 0xffffff, 0xf, 0xff50, 0xc0c0, 0xf]}, @ss_container_id={0x14, 0x10, 0x4, 0x37, "f0b5691e5e10e127e35986b1f3b68a7f"}, @wireless={0xb, 0x10, 0x1, 0x2, 0x82, 0x4, 0x6, 0x81, 0x1}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x1, 0x6, 0x33, 0x3}, @generic={0xff, 0x10, 0xb, "29838f286144b185b620015dc1a39f491d1d224e210a32fb6663500d6ad36086ad66adc845e6f65ac0a0c324367d62ccc7c5774bd029c54a99c268ff03c492afec6fb23913ef4736ebf2f4dfa45f6417aeac0adee8386adfd4e91f2a09bea078a3fc25ed994d5fed2ca23a5f74fbb0102b779c283f047b7a3a2ff330677e7ef1a2013980b8cfef69f0af66d2e1be61c1d1de31b25401bdb18b2a2dee536881ef0951a6314e9a97b648832f9609c12cd1d5de3b384544a354f461d49d0fb7f3ddc0e7d69af13853f50516fff8c5af8e19e4c0f668aa024924f327cd3f9a285ec6cd3ce7e427e845387f5df3d03fd08c1a3873d1b17d0ca04fc171b10a"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0xd, 0x1, 0xa, 0x5}]}}, &(0x7f0000003040)={0x20, 0x29, 0xf, {0xf, 0x29, 0x75, 0x8, 0x2e, 0x8f, "33de3ec9", "1658dd6e"}}, &(0x7f0000003080)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xe5, 0x1, 0x1, 0x2, 0x9, 0x81, 0x6}}}, &(0x7f0000003580)={0x84, &(0x7f0000003100)={0x40, 0xd, 0x83, "0d384714ed8eba1700e4f55d0c27bf4a675507ee69e2d829049cabe4c3e1d8b193225453f56fdba6356d853d8429f2777835d609a7451c111110582a3cc36ec6243ced189e13a8b3a45efc0e372c2cfa861dc6040439ad5fd45355eaaee21612b32366119e048157580e8c59ba3484042026706d9affee6693af94f30838b6c7d91e69"}, &(0x7f00000031c0)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000003200)={0x0, 0x8, 0x1, 0xd}, &(0x7f0000003240)={0x20, 0x0, 0x4, {0x0, 0x1}}, &(0x7f0000003280)={0x20, 0x0, 0x4, {0x0, 0x40}}, &(0x7f00000032c0)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000003300)={0x40, 0x9, 0x1, 0xd}, &(0x7f0000003340)={0x40, 0xb, 0x2, "e822"}, &(0x7f0000003380)={0x40, 0xf, 0x2, 0xfbff}, &(0x7f00000033c0)={0x40, 0x13, 0x6, @random="c676123e7e2e"}, &(0x7f0000003400)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x25}}, &(0x7f0000003440)={0x40, 0x19, 0x2, "80e6"}, &(0x7f0000003480)={0x40, 0x1a, 0x2, 0xa}, &(0x7f00000034c0)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000003500)={0x40, 0x1e, 0x1, 0x1}, &(0x7f0000003540)={0x40, 0x21, 0x1, 0x1}}) ioctl$TIOCSIG(r3, 0x40045436, 0x37) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000003740)={&(0x7f0000003640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000003680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000036c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000003700)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x9, 0x5, 0x8}) bind$netlink(r3, &(0x7f0000003780)={0x10, 0x0, 0x25dfdbfb, 0x100000}, 0xc) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r3, 0xc0189378, &(0x7f00000037c0)={{0x1, 0x1, 0x18, r2, {r2}}, './file0\x00'}) ioctl$BTRFS_IOC_WAIT_SYNC(r11, 0x40089416, &(0x7f0000003800)) r12 = syz_usb_connect$cdc_ncm(0x1, 0x7a, &(0x7f0000003840)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x68, 0x2, 0x1, 0x9, 0x80, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x2, 0x16e, 0x3e72, 0x93}, {0x6, 0x24, 0x1a, 0x3, 0xa}, [@mbim={0xc, 0x24, 0x1b, 0x979, 0x6, 0x8c, 0x0, 0xa5b, 0x90}]}, {{0x9, 0x5, 0x81, 0x3, 0x8, 0x2, 0x8, 0xe6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xca, 0x8, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x3, 0x1, 0x7}}}}}}}]}}, &(0x7f0000003b80)={0xa, &(0x7f00000038c0)={0xa, 0x6, 0x300, 0x6b, 0xab, 0xc, 0x40, 0xff}, 0x8, &(0x7f0000003900)={0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}, 0x6, [{0x4, &(0x7f0000003940)=@lang_id={0x4, 0x3, 0x1897}}, {0x55, &(0x7f0000003980)=@string={0x55, 0x3, "acde2b3a3292ba7e64c90936b604ae6777f6759c60de688021734e320c7cd0b81b4b3abff87604b09e6c003b50de9aa720e66de2f09dc3e4930352a09c3f2dd5179e133fade941a133e38a2dfd51cf08ba37cb"}}, {0x2d, &(0x7f0000003a00)=@string={0x2d, 0x3, "3d3d17140063c32c7bae69336ea7dacc7cdee64b7fcfb25a51f919368347c92d80772f238a90a5a0b91b0e"}}, {0x4, &(0x7f0000003a40)=@string={0x4, 0x3, '0W'}}, {0x4, &(0x7f0000003a80)=@lang_id={0x4, 0x3, 0xc0a}}, {0x9a, &(0x7f0000003ac0)=@string={0x9a, 0x3, "3d8f546f0024d106bff303b3cd75cedc844a1c79801a64dfe056abeb3db409b89228f71a70103b79015d23bc14abddeac3495b16bbdda6cc33e021edd20512c1c593012e6fef8afaa9cd08c7bc77253124aa16f1a4973f35945c4124acee6e8f0ce50a1dca5cf10ca0e3f4a630c67f75c0ded19681979afcac7d6769581955d0461f6a6f5f7081d1351096e5d29b79ea8bc677ebca31a197"}}]}) syz_usb_control_io$cdc_ncm(r12, &(0x7f0000003c80)={0x14, &(0x7f0000003c00)={0x40, 0xc, 0xf, {0xf, 0x24, "fd952ec6af1bd60653a0a8dc38"}}, &(0x7f0000003c40)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000003f80)={0x44, &(0x7f0000003cc0)={0x20, 0xe, 0xc7, "fab5c0bbb777c9b1a55f6bb89427123e41bc33b6ef0ccdfab80748d362ba0cc4c8a38911fd74529cb4d821a1812cddce059f11d5470ce6842a99dc60e6fd78ba921db4d32b889470281f909b2aa40867537cd2fb812afd63a0096dd3dc75ab108aaf55c8c9ecb055d49fca404586f2db1642ae1a6f2f485f8a32b01cbca914d32414d2b8b3baf2db5746e1c9de2876ccf4193d4bd91a9617526a6a26872f14b7f5956b47e4386ab01d06b5b0b850fb4d4fd0ea2f24ff4c8e275a26fb4947d0eed084b9f9c7b061"}, &(0x7f0000003dc0)={0x0, 0xa, 0x1, 0xc}, &(0x7f0000003e00)={0x0, 0x8, 0x1, 0xde}, &(0x7f0000003e40)={0x20, 0x80, 0x1c, {0x1ff, 0x8, 0x7, 0x9, 0x6, 0x7c51, 0x7, 0xeb, 0x0, 0x7ff, 0x4, 0x8}}, &(0x7f0000003e80)={0x20, 0x85, 0x4, 0x200}, &(0x7f0000003ec0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000003f00)={0x20, 0x87, 0x2, 0x3}, &(0x7f0000003f40)={0x20, 0x89, 0x2}}) r13 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000004000), 0x200800, 0x0) r14 = ioctl$UDMABUF_CREATE(r13, 0x40187542, &(0x7f0000004040)={r10, 0x1, 0x10000, 0xfffff000}) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x10, r14, 0xedede000) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000004080)=0x0) timer_create(0x3, &(0x7f00000040c0)={0x0, 0x4, 0x2, @tid=r15}, &(0x7f0000004100)) ioctl$TUNSETFILTEREBPF(r11, 0x800454e1, &(0x7f0000004140)=r5) 17.443847508s ago: executing program 2 (id=1194): bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x5, 0x1, 0xb, 0x2, 0x800, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffdff}, 0x48) r0 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) r1 = socket$nl_rdma(0x10, 0x3, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240), 0x0, 0x100, 0xf6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeec, 0x8010, r0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) socket$inet6(0xa, 0x4, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x2, @private1, 0x9}, 0x1c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) remap_file_pages(&(0x7f0000491000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000300)='net/mcfilter6\x00') sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000160a05000000000000000000020000000c00054000000000000000010900020073797a373dece33d7e6a315040c7bd3c40362932000000000900020073797a300000000030000000020a0102000000000000bce16e23309733000005000000080002400000000008000240000000010c0004400000000000000003140000"], 0x90}, 0x1, 0x0, 0x0, 0x40040}, 0x48810) read$char_usb(r4, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080)=0x1) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0xfffffffc) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x242, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r5, 0x80045017, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x2, 0x1c1ca4) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r6, 0x4112, 0x0) r7 = syz_open_dev$usbmon(&(0x7f0000000900), 0x0, 0x0) ioctl$MON_IOCT_RING_SIZE(r7, 0x80089203, 0x200000000000000) write$binfmt_elf32(r6, &(0x7f0000000240)=ANY=[@ANYRESHEX=r1], 0x1000) r8 = openat$proc_capi20(0xffffff9c, &(0x7f0000000740), 0x0, 0x0) read$FUSE(r8, &(0x7f0000004dc0)={0x2020}, 0x2020) 16.774777233s ago: executing program 2 (id=1195): socket$inet_tcp(0x2, 0x1, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet6_udp(0xa, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="40000500", @ANYRES16=0x0, @ANYBLOB="000028bd70000c0000001000000024000280080004000300000006000b000200000006000e004e24000006000f00020000000800050004000000"], 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x60080810) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x40400, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000480)='vegas\x00', 0x6) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) r2 = socket$inet6(0x10, 0x2, 0x4) sendto$inet6(r2, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000004c0)=ANY=[@ANYRES8=0x0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_i']) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000200), 0xfffffd9d) setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9) sendfile(r3, r4, 0x0, 0x8000002b) socket$kcm(0x2, 0xa, 0x2) 15.448222644s ago: executing program 1 (id=1200): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) setrlimit(0x0, &(0x7f0000000080)={0x3, 0x80000001}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000380), 0x8) listen(0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x0, @empty}], 0x10) socket$kcm(0x10, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) socket$kcm(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000004640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a0703000000000000000002000000080003400000000a0900010073797a3000000000090002"], 0x5c}}, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/oops_count', 0x880, 0xa0) ioctl$AUTOFS_IOC_FAIL(r3, 0x4c80, 0xffffffffffffffe4) 15.30050552s ago: executing program 2 (id=1202): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SNDCTL_DSP_GETBLKSIZE(r0, 0x5015, 0x0) 14.887047266s ago: executing program 2 (id=1205): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0xc8, r2, 0x705, 0x0, 0x0, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}, @ETHTOOL_A_STRSET_STRINGSETS={0x88, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0xffffffffffffffba}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}]}]}, 0xc8}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_TTL={0x5, 0x1f}]}]}, 0x28}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a30"], 0x7c}}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="3400000011000100000000000000000007000000", @ANYRES32=r7, @ANYBLOB="000000000000000014001a80100004800c0004800800"], 0x34}}, 0x0) getxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='user.incfs.id\x00', 0x0, 0x0) r8 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0xc2242, 0x0) dup3(r8, r4, 0x0) 14.534721393s ago: executing program 2 (id=1207): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0x1, 0x0, 0x1}, 0x48) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r2, 0xfff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c) listen(r3, 0x1000000) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x89f0, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000340)=@ethtool_regs={0x12, 0x0, 0xd, "fbdbf978590aa1b88c44306d20"}}) sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000240)=@abs={0x1}, 0x6e, &(0x7f0000000cc0)=[{&(0x7f0000000440)="ff915a45d7c5f7c8568ebdc57386a19e302e55f53d1b2a9388fd12ad903c29d3e976d8100612cd0800000000000000d7a274b8c2401413676458fa504e09e887ef6ff0cdd758010df00f564a11c1713dbcabd72ba811021faee1ac8d79bebdc3fe43f43c66e89dd70c176a25738767a6a417a9ef94cf1b85c3d2", 0x7a}, {&(0x7f0000000500)="06bab070b09e636fc7e486e1c1f34a4c06c3a6a3630fbb1ed4b84bb6e674968e67310078013dc9f2503b01004c93ba0f4ca556bae048a362dd2f00"/74, 0x4a}, {&(0x7f0000000c40)="ec32075af1322e1c7e56eb9fcbba3252033944c118ac35c5373bec014f4bdb6c4de024a1b6565077626daaac314db078b7568221bd5e8259c1e32a3af2c680a86a67ff0df9", 0x45}, {&(0x7f00000013c0)="a9ef4d07e893054155829967a251655a0f074e8c92d77db90c391c6fc8e119ad2021b5aa814e26805a1de486be6a34e7d46dfe23ed511e7c000084272cbef991ce0b0b6600e9c680beae8e6bf430af34c60f7b2083256d2d5e91ca2ceb9d2492c2f507bbf77adbfffda6b088582edb495fb2526892750995e30868b8c897cc972329a6ddef3ba1922141981efdd51c2a495a181d1de8a9d0b3f461a1f28506fec8f77e3b222c", 0xa6}, {&(0x7f00000006c0)="057fd08656a165bd0dccb631c436c81971cae814c374abb2401493d87b7ecdf51e98b91c95c1d78878911c02c326cec93b8bfa168428fce1e9eeed0444eacbe8a3c5992f844221b9651a50fbe693675fcdbabc590979027e059bf227e65108bbb0a9f337a3f110fd12cb4141d126d600cd4b5aeed5019bb1d589523b61ef61cde70d51f84d9d719b300084552c3ba2d9c799de1c75e1049889dc118828b7764e30291077aefb1535d1a1d51dd8beb2435713b5eff84397a4a4c03db093dfc74840835bb91d4dffea1051fdc62f6b81da8336aee50300b2b2922323ed021d", 0xde}], 0x5, &(0x7f0000000800)=ANY=[@ANYRES8, @ANYRES32, @ANYBLOB="92e58f85c9cb98dbfd140e13c0b2121f1c039f13af64a68d0751135db097479c0d4a925be660c2230e5b49126ed89a8bd98bdab7547eb3048646839bace09a6c97a6167d130a650db45897adce5ea0d4d4776e7c76939526133a873b41544e86d824fe094f0990a528813d68120355d478cb419fc8e96fd023c503000039363f2b9a600a5e844de28fe013976ea65fbcff75cb00"/157, @ANYRES8=r5, @ANYRES32=0xee00, @ANYRES8=r4, @ANYRESHEX=r5, @ANYBLOB="84e4a386d000"/15, @ANYRES32, @ANYRES8=0xffffffffffffffff, @ANYBLOB="000000001cf8fe961a00000000000000000000003b23ae645bf1c385a2556f8637d97aef6e4ba95ab8ee31488b4f9bd2e737e5abda190300894ed9dc6dfaaa0ae8564310db9033e45b10ddf8d23b9cdbe6fd26e5fa80322543fd6ac43b818728b6fa8a8bdb79c631e55ae52f26a4c8705b0337bb06a6b806dfcf5ad1a5bf4fc33ea56ef4750ad9c04fc6d06c21a4de8b227c25779633752320db8394189b0d9d3cc610b2920cd7751d13933baafc7bfd581bec18de092fd9237d9857accfdc12f56f8bea6c4764765bcee38d38325dd2b5efa23424f5d7547733e099c3a2ef4e53f83ed022b78a02e4d089c70985514d17b60bd0", @ANYRES32=0x0, @ANYRESDEC, @ANYRESOCT=r4], 0xa0}, 0x20000041) setsockopt$inet6_int(r4, 0x29, 0x38, &(0x7f0000000180)=0x5, 0x4) syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344}, 0x1, 0x0) pipe(&(0x7f0000001080)={0xffffffffffffffff}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010000100000000000080000000000000", @ANYBLOB, @ANYRES32=r7, @ANYBLOB="0a001b000000000000"], 0x2c}, {&(0x7f0000002bc0)=ANY=[@ANYRES32, @ANYRESDEC, @ANYRESHEX, @ANYRESOCT, @ANYRES32=r3, @ANYRES8=r6, @ANYRESOCT=r7, @ANYRESOCT=r4, @ANYRES64], 0x200}, {&(0x7f00000030c0)=ANY=[@ANYRES8, @ANYRES16=r8, @ANYRESHEX, @ANYRES32, @ANYBLOB="0400290014007100fcc9000000000000000000000000000000001400560020010000000000000000000000000000d2008a8008004200", @ANYRES32, @ANYRESOCT], 0x3b0}, {&(0x7f00000011c0)=ANY=[@ANYBLOB="6c01001b4971e6a35656afe75d074b437887acc9122b08edd78735e40b661dd47fc0f8970eff8cd61b868901800000000000009db7bd4dad9ca28eb6424af33a078751df7756e14f14e985f9ba15ed68113473eaefae72d7912631fa71dd450114002500000000000000c4d1cbe918706519000108006d00000000000200000000000000", @ANYRES32, @ANYBLOB="0d0007002f5d3a402dd34bcfd20000003c1334834595d3f4e4e63f5d3b7ad1c6d138330cf1e89df2bac44aede49d496ac1cad9609428c0a064dbce92af3f22b51484d8f121b065fc4b5ce25004591bd045208ffebf1a54355ed0712aea727f932e35d956b8db0b82484b79a61ff29dd0fe1170231abbe632a75af5f43a85e41c401df58a7a2497e3b5231f5a37eee344adfcdd5181569d0a4a195af10d6dd8dcc234469e00b19feeb94b2f72d824e0a2b99e34aaf3d39af4105c4bd413e03a647da81523dfe9333f936010da3278a64a505cd104c8d4f7c41b904804c87e2de405f8f688acfd39991d58caf457dc03e97b2edb2492b32469a2a8228baeb7006114e6379fd0476cbceb1bec9b01babafbfd7d4bee5b76e8e1f42b39f9f84f555ae3a4cbc0f982dee80af161adf46506beeed0bbe67e9a067879a79767698917d6b39bf59332d43ec6b6ec1385182f776ca3d0956b05cbed"], 0x16c}], 0x4}, 0x0) syz_emit_ethernet(0x56, &(0x7f0000000a00)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0000f5", 0x20, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, r7, 0x41424344, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, {[@mptcp=@add_addr={0x1e, 0xa, 0x2, 0xa, 0x0, @local}]}}}}}}}}, 0x0) syz_emit_ethernet(0xfffffffffffffebb, &(0x7f0000000380)={@local, @broadcast, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x0, 0x2, @broadcast, @ipv4={'\x00', '\xff\xff', @local}, @local, @empty}}}}, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b", 0x5a, 0x0, 0x0, 0x0) syz_emit_ethernet(0x5a, &(0x7f00000001c0)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x24, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @generic={0x4, 0x3, "aa"}, @sack_perm={0x4, 0x2}]}}}}}}}}, 0x0) r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x5, 0x4, 0x6, 0x0, r1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r10, &(0x7f00000001c0), &(0x7f0000000300)=@udp6=r0}, 0x20) 13.916131679s ago: executing program 2 (id=1212): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_io_uring_setup(0x1f87, 0x0, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index, 0x0, &(0x7f0000000140)=[{0xffffffffffffffff}, {0x0}, {&(0x7f0000000040)="7bbf5dacc2e9747b909d1cdd3a2393"}], 0x100000000000038e}) io_uring_enter(r2, 0x50, 0x0, 0x0, 0x0, 0xfffffffffffffff4) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x0, 0x6}, 0xc) r6 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r8, &(0x7f0000000080)="b3019c28", 0x62, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) recvmmsg(r8, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186}, {0xffffffffffffffff}], 0x0, &(0x7f0000000280)=""/239}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18}, {&(0x7f0000000440)=""/110}, {&(0x7f00000004c0)=""/165}, {&(0x7f0000001540)=""/4096}, {&(0x7f0000000580)=""/245}], 0x0, &(0x7f0000000700)=""/27}}, {{&(0x7f0000000740)=@nfc, 0x0, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180}}], 0x4000000000001f1, 0x10162, 0x0) r9 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_RESET_LINK_STATS(r6, &(0x7f0000000180)={0x0, 0xfd61, &(0x7f00000001c0)={&(0x7f0000000240)={0x30, r9, 0x1, 0x0, 0x0, {{}, {0x0, 0xb}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) r11 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r11, 0x117, 0x1, 0x0, 0x0) r12 = accept4(r11, 0x0, 0x0, 0x0) sendmmsg$alg(r12, &(0x7f0000003540)=[{0x0, 0x0, &(0x7f0000000ec0)=[{&(0x7f0000000180)="31ab732abda0ad89281b2f0df75394f09d985dd88bd336d236badceecf9ebad6deec5e01719baf69fd8bc43b57e2f5b16ade367cb54ffcc32e05471802c7950ae6379e85ef52b5ad39fa52ec8baa546d0463d6f353c0df6af4d3adb451aa8e20b3885fc7e5bc06ddb24132ab4db0e7b25ccd34a2a29a400d2c9a7510", 0x7c}, {&(0x7f0000000280)="4abb1d8fb9ec59d06d02cc053ce6ac1168d484bfc91789aaedda7f345881d8e3299cca7bf6eb1730423b84df251adc5a6a3df5fbcdaba7541a96a745211d458ecbd25f7adabff10c56381424f96521b18ab8e2a5f92b0fc2997ff7102298726aff76f6f46139d32dadd2bf29ffa86c4902dc74bb62d15481c333ccb19d37853c99140d", 0x83}], 0x2}], 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) recvmmsg(r12, &(0x7f00000038c0)=[{{0x0, 0x0, &(0x7f0000000d80)=[{&(0x7f0000000840)=""/245, 0xf5}, {&(0x7f00000009c0)=""/157, 0x9d}], 0x2}}], 0x1, 0x0, 0x0) sendto$inet6(r5, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) writev(r5, &(0x7f0000000540)=[{&(0x7f0000000500)='y', 0x1}], 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x13, r1, 0x0) 9.573242887s ago: executing program 4 (id=1227): prlimit64(0x0, 0x2, &(0x7f0000000040), 0x0) brk(0xfffffffffffffff9) r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) creat(0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(r2, 0x4068aea3, &(0x7f0000000180)={0xc0, 0x0, 0x2000}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x3, 0x2, 0x4, 0x2000, &(0x7f0000000000/0x2000)=nil}) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000140)="3cb7d692", 0x4}], 0x1) 9.174736893s ago: executing program 4 (id=1228): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) write$vhost_msg_v2(r0, &(0x7f0000000180)={0x2, 0x70, {&(0x7f0000000340)=""/112, 0x70, 0x0, 0x3, 0x2}}, 0x48) 9.07610051s ago: executing program 4 (id=1229): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) setrlimit(0x0, &(0x7f0000000080)={0x3, 0x80000001}) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000380), 0x8) listen(0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newtaction={0x74, 0x30, 0xb, 0x0, 0x0, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c}, @TCA_VLAN_PUSH_VLAN_ID={0x6}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x0, @empty}], 0x10) socket$kcm(0x10, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) socket$kcm(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000004640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a34000000140a0703000000000000000002000000080003400000000a0900010073797a3000000000090002"], 0x5c}}, 0x0) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/oops_count', 0x880, 0xa0) ioctl$AUTOFS_IOC_FAIL(r3, 0x4c80, 0xffffffffffffffe4) 7.909330074s ago: executing program 4 (id=1232): syz_usb_connect(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="120100003d36d840890457e0d65600000001090224000300000000090400ff0045f727b61b3f2700000c15e700090400000060843500"], 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0x436, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffc95}, 0x48) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000180)={r0, r1}) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0) r4 = syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file0\x00', 0x0, &(0x7f00000020c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) syz_fuse_handle_req(r3, &(0x7f0000002180), 0x2000, &(0x7f00000003c0)={&(0x7f0000004200)={0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000000000000000000000bf9180"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_fuse_handle_req(r3, &(0x7f0000006340)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ddff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f061823030d9b29f00", 0x2000, &(0x7f0000006280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0x40806685, &(0x7f0000000040)) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x46f, 0x0, &(0x7f0000000140)="2b7393b7c6347cd49978d5023a81022d1e7baeea09c5d463b04397f7a66a0f0b769bc097d48d09754d7e15e59224486b3df2c3fc8b3379a1a30fee142bb1a32d4c3b32006571f5de9d846e7e8b8e64c79a66e2ba19f7eca5d0e0517dcd4eba1ab882af481e477e362ceb1fd11c9d50b5e3afd7f60aa6881b2681c53ee87badeeba28eba948324721a382f000917a4a6f6f76d04e0b19396feccdbae7795aaa45818dce2d1f7b4642b09dd40bf4bef9854b631eb821b13a7e475d5c9a9d4bbb3fd9b07650683a35d9557d1e7e6496dd6f6f5ca57a5c43b9863819829430e1607ebf0dbb2308a8181ef5ccdcf1eb157470d54635a1a5b7075c77dfdb97155af8fa282fcc5ca5bad36839e0cad1304c542be170a44da4089a32bc3f35a85a6e30b8d233809335a4274938505517a26728b643c2f04917afe55c68759adea3bb70f5b5c3c59fc24d6e3835c110420cfd6de096f8dec90f5f577744d2d0f3ec21819253cdb102d50678293328726f1c4f7163e28e79ab4767e3054dfa9a11b1fdafb8757b2a91f8283ad01712062048b52b5cfcaf648fe760a98ee82fbb1836c88434e0b36f9b56c4d3cd8b42566cba88ddb7418762cd8495a4ec8de7952789c2a6d37cdbbecde53ffea86db893181d9b5c7d4663d1bd78c9cb87af7cbfa54a1b2c98432ef5ba6f43c358ae873495f46850d56d83f3d7d376b3b6120ffe93c8ab6b6f214316d8c3376a5a65d173b6e4243326c729163050547d49338a737bc894f487bc9b51e75ac2031ea714ed6c917f13e3cc0ee85a75e9a98a42f9aad6f1e244c1daa06ee55b205e11aa3a2982387210bccd26c5108f2a548b06dd0a0520ca8f99532ab0a4fd8c33f0f01ad40b74ef4e9f0d01b7bbc8aa69296cca1f19d92c5be8ffa3264e3951dd318363e02d36fa69ecaa3978b6c471c9dde0052632d1ebe277982fb0c900dd3f461257ad46a69b8f1e9bc36d8992426aa4adddc024bb74a39539f1cf801502cbd0d7acb8b2c5d9778a8253d2c8746d5b252a32f67c94cb8916a6310c1af0c0eb6f09a07d5020948a9c0f147c01d4a8b3af25686eadef9eaed2623cb012521ab86453e71bf351c130b6d33ffc388afdb5b2b7c16c1002a0640dd73e7a7e6a852dd2c75209d711a50363e46116ad2a14483c3729a81e4ef2fed2f18732f0038e079e561eea96eb665219070f42139c627dd5f185d23fdc316d38eb99826bcb63938d6cd1af3b5274f57009f87854ad98bef03025c32e7aa4a721d28e94ec5feff3a279c2e1c18002e39eaaefec3dfd1eae45a61e4283e8a7ef1eaf70d93a0333a9ff9ef048332f3fcc797076f8c02858548418e34a9967282de2eb4cc6438f0b6c9dcc204cdd732dd88624b39c16e8f80819cb72be6ab07492ed05ade4caf1ae3d723830523e32c02786c50ac1f47b994ed49fc4b9b318a4c86b4f7fb0d3c6a8763ef27cd52936cc55ef5ac50935a7f706464be90ea4b5f894ad92910de17889a6236a4bda8aac5e1daa70a8fcf248360cdd4e86f854f23e3e4792d91c85f1ed6cf7c36bbe9d879fc86b55e55e0566b6451aad55b1b24156d5735d1ee7064b07bde3a7643cb7631057"}) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x16b601, 0x0) write$sequencer(r5, &(0x7f0000000100)=[@e={0xff, 0xb, 0xc, 0x5a, @generic=0xa, 0xc, 0x85, 0x3}], 0x8) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010200000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f14000000020a01026a8bc4252981b703eb0b2792d1caac0a000000000000000000000000140000001000010000000000000000000000000a"], 0x98}}, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_usb_connect$cdc_ncm(0x0, 0x89, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x77, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}, [@country_functional={0x10, 0x24, 0x7, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}, @call_mgmt={0x5}, @country_functional={0x6, 0x24, 0x7, 0xff}]}}}}}]}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r7, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r8, @ANYRES64=r3], 0x6f4}}, 0x0) sendmmsg$inet(r2, &(0x7f0000001500)=[{{0x0, 0xffffffcf, &(0x7f0000000b00)=[{&(0x7f00000002c0)="89", 0x28000}, {0x0}], 0x2, &(0x7f0000000e40)=ANY=[], 0xd0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0) close(r2) syz_usb_connect$printer(0x3, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0xf7, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x3, 0x2, 0x7, 0x1, 0x1, 0x7f, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x9, 0x4, 0x7}}}}}]}}]}}, &(0x7f0000000380)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x310, 0x8, 0x0, 0x4, 0x8, 0x7}, 0x7e, &(0x7f0000000080)={0x5, 0xf, 0x7e, 0x5, [@generic={0x2a, 0x10, 0xb, "e9dc92086158a83dded55c48391e740bd11785917c74dfb1ee2474f9bd968b8c08d7b28df8bc94"}, @ssp_cap={0x1c, 0x10, 0xa, 0xdc, 0x4, 0x3, 0xf00f, 0x7, [0x3f0f, 0xff0000, 0xff00, 0xc0]}, @ssp_cap={0xc, 0x10, 0xa, 0x2, 0x0, 0x6abf, 0xf000, 0xf}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x1, 0x3, 0x8, 0x9}, @ssp_cap={0x1c, 0x10, 0xa, 0x3, 0x4, 0x0, 0xf00f, 0x2, [0xffc0, 0xc000, 0xf0, 0xc0]}]}, 0x5, [{0x8d, &(0x7f0000000140)=@string={0x8d, 0x3, "b0ba53d07298ec2bcd618f6c1a649caa58002d8f21cc79888859c606e4c29a6606c6b5032147df4e83291b854e3b6151f0f30b4062e91be20d567ab6c155de3589f50936a56a4dd1145de799b1776627da815b2fcd4987944e6178bee3171158c70acf1e3e1d1808bb41e3f21a60b563616e7c6f09e95738cd246f153949618ae8b88d936abfc52864f750"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x340a}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x406}}, {0xb0, &(0x7f0000000280)=@string={0xb0, 0x3, "e4c251d1de47b5769fb7bd7b28eb3af3cd0f541f62513aff79469884104d3e73ce71eaa1e26ce4e8ff805e5d7526c8ab404d6dfcf85c6eb8580eadd639b07c7362ca83328d1c6e94206457a7c203723a26f9588deed3a6855b7ea56c9c3ac3ed06618045a1e7db1f2bcee380f98627464efd9a2194f3f84dcaa7bf531502b767bec1c060d13caba789797fc56894ac10b7314b3c29fa8462d83d9ba50dc8ae3ee3a71b82075b0c9fb75eda1b1713"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x804}}]}) syz_open_dev$sndpcmc(&(0x7f0000000440), 0x6, 0x200040) r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x6a8000) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r9, 0x40505330, &(0x7f0000000100)={{0x0, 0x1}, {0xe}, 0x7}) 5.667911412s ago: executing program 3 (id=1238): socket$qrtr(0x2a, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0xbaa}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), r1) r2 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="180200000000000000000000000056a8850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69}, 0x90) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r4, r3, 0x25, 0x2, @val=@tracing}, 0x40) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000ffffffff7a0af0fff8ffff5979a4f0ff00000000b7060000ffffffff2d6405000000000065040400014741001404000001007d60b7030000000000006a0a00fe40000900850000001f000000b70000000004000095000000000000006623848adf1dc9a764ab51a064e0ff0c9b27a26293fddf0180000071ff31f1622271d5518193e09483c5a020c334f8c76334d8ce8303b01ddaa52e8756ad60a07d6f27c125e16d024098f755d8583da60f27c162dbba0700002ac9170f50f2568836077b7f711a18eb7608d87b885297b6a79819782748b376358c33c9f53bfd989b1ca58949a54d5827df14feecea46408a05d572077f1252fbb72c3d099c501bc4ded6fca17a3447222c95edb47b77aafa63b9dd5fa5c53e9c37251709f1ff7f0000f07bf7f53ce129a9ecd3b4dd15100f2b450f98526a0d8cac7c97fc2f64015306a1bd7e43fe1ca8345710fb6379b4c53cf55eefb4c0974486a8d25a363adbd83b49e13fbd1777b27020bd9b8cff3f48c9411670c34f23ab8caf7851b290feb3045a1b622f20c4383a0280f040de7667f8b1d08428353b1c358ebe73af41e5b5b924275cb1749289b44e9728e7a73f148ac8206afe120c1437490d99000000110000fdffffffffffffffaf580278e1342aabd1b623f6c4f128858e4eb6b42f2173184c2b99b645f6ec0e14e5d7c95a0008000000f30f6c0000000000ff0000b8f5001a1d2a34dc0973ec302bc23211d3e3b6e6dad65a51e5497a3419cecec38126247b27113ad4c7915c8f82c333a7b350802f0311807010d1ed50c18411aa6900daccc02f4ba4b078f07e41f781eee222c7d071d5a94d82ca9a0846c1af59cee16639b4970f8f0a82c6a712fd5722d637d406160ffaffffffb4e0bde6749aa52c408b74250c14c5d3255fd88a42e7ebb69ebcd8eee623e51dbb1f1b548c91a6825c0686fdc16be1cbb72c217fda18bd746253ca66093daf35923300b600000013887ad6d2d440fedce51a3aa57b00ac376e0a4649a8a84e1d293a6b109c5e59b366bca5cc3d936c53d4a48c05099e6fc36d5aa23bff8cce0600fcff00000300a568a8532623d12b40b50ac26f2e8255470a04bfbe7acb581b90991d965a01d1f84cb6b973558e1e3f8118c77ccf0b3c6eb6443870004da10c75723b65f83769ad1f0e4ef6b9ef1cec23264fd8fdac6264af1cb467020bdc12b797b6c156c439105829d2ae1c45f7cfa40df68fd36a03353a55e68ec7c01bd5a2028a8fc107007f3deb1f200abe1f753754678dae8b4e3ba3d086d4b95dfc5817e3dafae2d38b522f942cc750399d90296171fdb1e05882f8a4b8fbd219ccac3a895828b4f22b6527ce31ceb02b7b2b44925129677b7b3d2f8e7792c7827862eae80134552f0b076b168394f8417f25cc82ae04007193cbe69de8bf35e4bebd15412426b2e20ab1f05fc44ae9ae094c1b81d3ef947692b44d2afb09c7498d357836f03e8a7c392e535694a3ead2de11e6b1781e2a018c0ada7bc7f0eb2d678f23c07ac341fda2e563ee95085742f5fee9f95f4741b226e428d20b00bc140000e4b2f5efd0a0b1ceba000830ba8634b5aa26bdbe91614e92fae3c7349531df9bf4c01ebf5d8eb7d53e5f30647661623fbdb3f60033fc32f68ea86a2df1e76fe27dfdff1cf9194849c4cc0da9533e5983693e526a7dc0d8728f3b573ca4427bdb44df9341e9b8050e896598a156c935c800436a312e7ae3c011e46851ac599f0427729ab9c55ae0ab4c0000000000000000000000000000c87bcc2ac5aed9247b51d92e0993af4beaf1f3f47dcdfab9165f98155d93e383d6b85158b54675c1585037508c1e9461a1c3d1a6e2402045cae150a7016f1a90716eebbdf6afc4414d900be0bdf19f4a273f44f4357380b4387f1c8b104f0e406b2f04e5ed88631be6411f9927fe9f83412b7c5a676ceec8b454ebf6481c98e86b6933a02daea0b4ec0be5b3d916bd70208b4588626c277648475002e2c62681bd07331422a6e47bbd40857d52c4894944fae5c500000000000000ff00000000de784314b8fd419216b48d0f353c11ae185749fa9ac7dfa16bc5c23a23f74b17a7f1b2d799480f33faa3537a910d6ca02f48b0e69beb1119f106ea59195dbc72e17a5dc8c3d131d82f067e29dc39665dff39fb6347b374aaaf6e65efde3fc6202bf29ccfcb08caf18d668a462493aa82e76affba9c9af31d1c23237aa6eccfadfaf794bb1004c07b21ac6ed77718098b2f722bd05fea3561b86b2838a8de5b4f91d6aba95dc9f4464a024be4d0d8d04f5023e7e19e503624d39a43c7b310de519b40738ff9a623065c06d69d16d4a46ff300022fee47803989b7e916254e0fb9e1c8b07d8a4b8b692a75a32e6ed2caeaa7c258c47fe6143cd9e90b801eff78cd4e402374e0e4ca07b7f17254e3d2f0a2a1bac6fde8a15e3ef3588065524d41966fb3915e804c53201efee751ec294584d23d9008bdf046f55c030ab941a0b8723412127efb3eac0ccf68133c76770d5e7dabcc48d47685404cc540535ed70df75c24660d85f9c9a245185c7da217d1c3743db85db67b9b8a8f00af02367429f6f0b53c169c4356751bf68745dbde055e1722ae256ae53ae637a1431855d16dfa91d82a021a4b2dbb50bf6d59fdd0c9bc84cd7d544de2523b6ce8aaeb94bfba75079f7455204ccca02bd389d8409b2effe9b88e301ac4fe28752386a0678a3f54b2bdf56f927ddd6b0ac98b2b505f668597455ada51ba95ab852b49373a11ff31dcd82474b51498f65e0601bcdd23acb4c01bcd2f3e1ad378d14c07d923087d3518369710b70ffb0b523dc4f00f275c381fe1c091e478b04d5e4a9f75b4072acb005a83c25625ab7a351a68977177e27a1bf112114eb10250c2b9dca234f8967f0439696a2345e747b5f1d8c4bec86d8e8f2eb121ea0159615e7d475d45837921c2c0c3f9e683ac8000214a657c9f0a000000000000009e0b1a8c8f55f30e7c25275ed49b71828b375be03ef903cc8244b1269376d01b674cff9cb82eef0fe55c8b751053004ca6cef28d9a52c3771e9c73d03fdf74f48306560fb6cd86658afa895efa47f3a43e686df5b727ba4ec99620270334fce56c9f86b8a2c8aaede5a48a29b75734fbe1f59e43dc5a39b083848b0ebb14d845df7606e4d58f1a03f2dd337c3a10f3b15d388e43059aa88b42d26d4ccda6d60f996ed444d7f40e0cdbf69e11252a6c0e2d882d93b4f22dc95a191b1e6ff59d7880b4ce587f7ef05c46088268805cf089c4b3cd60cd3fc0c6d81fb2f961abcb0133f3f7a594b8475d6853b2e4fafc52a6851e8cfe1aebe3a4539634a54728921621dd17d6b5a98bf7fb50a5ed93d26ad1e8e5cf8b861ffb2937ca88f129ad24e9a6ef29507e534a9cb594c9274084dcc5b3fcbc267504dcf1b7878d7dc2fe1d23903b622ed2359480c29dd3301e0e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000880), 0xfffffffffffffddd}, 0x48) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r5, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) r7 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={r6}, 0x4) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000840)={r7, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xffe4, 0xfffffffffffffda0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8}, 0x90) r9 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r11}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ENCRYPT={0x5}]}}}]}, 0x3c}}, 0x0) r12 = socket$packet(0x11, 0x2, 0x300) r13 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmmsg$inet6(r13, &(0x7f0000002780)=[{{&(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c, 0x0, 0x0, &(0x7f0000000440)=[@pktinfo={{0x24, 0x29, 0x32, {@empty, r14}}}, @pktinfo={{0x24, 0x29, 0x32, {@private2, r14}}}], 0x50}}], 0x1, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x84, 0x0, 0x0, 0x70bd26, 0x25dfdbfc, {}, [@HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vxcan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r11}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan0\x00'}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000880}, 0x4c00) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0xbd}, [@ldst]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r15 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r15, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @meta={{0x9}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8}, @NFTA_META_SREG={0x8}]}}}]}], {0x14, 0x10}}, 0xb0}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'ip6gre0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="1810f4ff6700e9780083a0ca1ae7d46bb4e3000000000000000a00000000002000"], 0x18}}, 0x0) r16 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r16, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) 5.426938757s ago: executing program 4 (id=1239): syz_emit_ethernet(0x6e, &(0x7f0000000a80)={@link_local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x38, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @dest_unreach={0x1, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "edb56b", 0x2c, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}, @remote, [@routing={0x2c}]}}}}}}}, 0x0) 5.370943968s ago: executing program 3 (id=1240): syz_usb_connect(0x0, 0x56, &(0x7f0000000040)=ANY=[], 0x0) 4.963531453s ago: executing program 4 (id=1241): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip6erspan0\x00'}) getpid() openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r1, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x103140, 0x0) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r2, 0x3b70, &(0x7f0000000680)={0x60, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}, {}]}}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup/syz1\x00', 0x200002, 0x0) syz_open_procfs(0x0, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000800)=@newsa={0x144, 0x10, 0x633, 0x0, 0x0, {{@in6=@loopback, @in=@multicast2}, {@in6=@loopback, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {}, {}, {0x80000}, 0x0, 0x0, 0xa, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @mark={0xc, 0x15, {0x35075a, 0x200000}}]}, 0x144}}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0) write$sysctl(r4, &(0x7f0000000100)='7\x00', 0x2) socket(0x1e, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="6e65772064656661756c7420757365723a73797a2030303030303030303030303030303030343016a20b"], 0x2a, 0x0) r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000400), &(0x7f0000000100), 0x0, 0xfffffffffffffffa) keyctl$read(0xb, r5, &(0x7f0000000480)=""/78, 0x4e) sendmmsg$sock(r4, &(0x7f00000016c0)=[{{&(0x7f0000000200)=@tipc=@name={0x1e, 0x3}, 0x80, 0x0}}, {{&(0x7f0000000140)=@tipc=@name={0x1e, 0x2, 0x1, {{0x41}, 0x1}}, 0x80, 0x0}}], 0x2, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) io_setup(0x200280, &(0x7f0000000340)) openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x48400, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r8 = socket$qrtr(0x2a, 0x2, 0x0) getsockopt$sock_int(r8, 0x1, 0x2c, 0x0, &(0x7f0000005ac0)=0x51) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="30003300c0000000080211000001080211000000505050505050"], 0x4c}}, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) 4.338734148s ago: executing program 0 (id=1244): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'crc32-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000002c40)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f0000000100)="8fc51ea43bc38fdc672ff8a38c366bb16b506f6b0a9054452a7000538d993be36813c4d7ed5cf342504aab2192e5e9ede74ddeb93cc59ec6ff6fce6466a68433b79ac0c778d805cfff9bc09c7d7b7cbc7c77db378a8b572e5336a1a8936789c4694807f9c1d426c2fb9a8999f8dbf6c923be405a2920d2d866d69e11161d7e632359cc3b69be59a6b3d32c3ca818b2f2e5acb0925815d7ea48ccb7536c48481f4d76b35e7f3a9988c44f4c118e3dfb03943ef583d29c1c6f02a7d652a17e1ffb3ff69cac5f3f6dfcf9399d054fe8cca2a46a1d73a52b149f238d3fd0ed0d8bdba7fef94d59217c3271770853", 0x7ffff000}, {&(0x7f0000000040)="dc", 0x1}], 0x2}}, {{0x0, 0x0, &(0x7f0000002340)=[{&(0x7f0000001f80)="14", 0x1}, {&(0x7f0000002200)="c0ad27f445e63ff2a01471046193", 0xe}], 0x2}}], 0x2, 0x0) (async) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000000007, 0x2) ioctl$PIO_FONTRESET(0xffffffffffffffff, 0x4b6d, 0x0) (async) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f00000001c0)={0x8, 0x1, 0x0, "272406000000d8200000100000e8e2ffffffffffff0100000000ae246d9500"}) (async) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc0109058903"], 0x0) eventfd2(0x0, 0x800) r4 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x3, 0x0, &(0x7f0000000340)=[{0x0}, {0x0}], 0x2}) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000440)={'#! ', './file0', [{0x20, '\b\x9dF\xd8\b\xb3~u\xa5\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17\x00\x00\x00\x00\xe2{mn\xcc\xbf2\xc0\x90kn\xe8\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xbb\v\xb5$\xee\x84\x1cn,Bd8\x13\xcd\xb90\x95\xc0v\xd5?\xe5E:+Pm\x1d\xfb&3\xb9\xb5\xda\xb4\xb8k\x11\x00B\xe1\x99#\\R\xb9\x96\x11\xf5\x7fVN\xbf\xd4Ndq\x9a\x1b\xaa\x16\xab\r\xdd\xa2\xfdK\x02u\x1f\xadI\x9c\t\x00\x97\x8f\xa8vU\xa0\xcb'}]}, 0x1c58f0df8a1740e3) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0) preadv(r9, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) (async) ioctl$KVM_CREATE_IRQCHIP(r8, 0xae60) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, '\x00', 0x1}) ioctl$KVM_RUN(r10, 0xae80, 0x0) io_uring_enter(r4, 0x5113, 0x0, 0x0, 0x0, 0x0) syz_open_dev$video(&(0x7f0000000200), 0x1, 0x2) (async) syz_usb_control_io$hid(r3, 0x0, 0x0) r11 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010921"], 0x0) syz_usb_control_io$hid(r11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002380)={{0x14}, [@NFT_MSG_NEWTABLE={0x44, 0x0, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_TABLE_USERDATA={0x24, 0x6, "68066a9bc97a840a2ceb26c58e27075f1ed5417b2b11701564379b9020b030aa"}, @NFTA_TABLE_HANDLE={0xc}]}, @NFT_MSG_NEWSET={0x78, 0x9, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_DESC={0x3c, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_CONCAT={0x38, 0x2, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8}, @NFTA_SET_FIELD_LEN={0x8, 0x1, 0x1, 0x0, 0xfff}, @NFTA_SET_FIELD_LEN={0x8}]}]}]}]}], {0x14, 0x10}}, 0xe4}, 0x1, 0x0, 0x0, 0x2400c811}, 0x0) (async) syz_usb_control_io$hid(r11, 0x0, 0x0) (async) syz_usb_control_io(0xffffffffffffffff, &(0x7f00000008c0)={0x2c, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0, 0x0}, 0x0) 2.476118146s ago: executing program 0 (id=1245): syz_open_dev$ttys(0xc, 0x2, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) r2 = socket$inet_sctp(0x2, 0x1, 0x84) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000008000000000000005000100070000000900020073797a30000000001400078008001240000000000500150004000000050005000000000005000400000000000d000300686173683a6d6163"], 0x5c}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000000)={r3}, &(0x7f0000000040)=0x8) 2.284310031s ago: executing program 3 (id=1246): r0 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001fc0)=@newtfilter={0x38, 0x2c, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x1c}}, [@TCA_CHAIN={0x8, 0xb, 0x7f}, @filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x38}}, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) (fail_nth: 4) 1.810718095s ago: executing program 3 (id=1247): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0}) dup3(r3, r2, 0x0) r4 = dup(r1) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) unshare(0x24020400) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000240)="652ef20f320f017afcf3660f2092b800008ec8b8580c8ec026643ef30f5dcb67d0dd813ab9b266b9bf090000660f38823866ba000000000f3066b9800000c00f326635010000000f30", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r5, 0xae9a) r7 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000006c0)="5c00000013006bcd9e3fe3dc6e48aa310b6b87033c0000001f03000000000000040014000d000a000d0000009ee517d34460bc24eab556a705251e6182949a3651f60a84c9f5d1938037e786a6d0bdd7fcf50e4509c5bb5a00f6", 0x5a}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_compaction_migratepages\x00'}, 0x10) 1.533564736s ago: executing program 0 (id=1248): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x2, 0x204}, 0x48) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000380)={0x60, 0x0, &(0x7f00005b9000/0x3000)=nil, &(0x7f00008b3000/0x4000)=nil, 0x0, 0x0}) preadv(r2, &(0x7f0000000300)=[{&(0x7f0000000000)=""/24, 0x18}, {0x0, 0x20}], 0x1000000000000374, 0x0, 0x0) 1.423088637s ago: executing program 0 (id=1249): syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) io_setup(0x6, &(0x7f0000001380)=0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00') io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000100)={0x300, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 1.205467308s ago: executing program 0 (id=1250): r0 = socket(0x2a, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) socket$kcm(0x10, 0x0, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)}], 0x1}, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) r2 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xfffffffc, 0x1}, &(0x7f0000000240)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x4000, @fd, 0x0, 0x0, 0x0, 0x9, 0x1}) io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001fc0)=@newtfilter={0x38, 0x2c, 0x401, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0x1c}}, [@TCA_CHAIN={0x8, 0xb, 0x7f}, @filter_kind_options=@f_bpf={{0x8}, {0x4}}]}, 0x38}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) 794.402927ms ago: executing program 3 (id=1251): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_WOWLAN(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x1, 0x57}, @val={0x8, 0x3, r2}, @void}}}, 0x24}}, 0x0) 497.591233ms ago: executing program 3 (id=1252): r0 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x89, 0xf6, 0x57, 0x40, 0x403, 0xbcd9, 0x9433, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x7d, 0x0, 0x0, 0xd9, 0x22, 0x99}}]}}]}}, 0x0) r4 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(r4, 0x7005, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r5, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000005c0)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0xffff7fff, '\x00', r1, 0xffffffffffffffff, 0x4, 0x2, 0x2}, 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x16, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @generic={0x8, 0x2, 0x0, 0x9, 0x7}, @generic={0xa5, 0x5, 0x9, 0x2, 0x87}, @ldst={0x3, 0x1, 0x2, 0xb, 0x2, 0xffffffffffffffe0}, @jmp={0x5, 0x1, 0x9, 0x5, 0xa, 0x100, 0x7fffffffffffffe9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @jmp={0x5, 0x0, 0x5, 0x0, 0x8, 0xfffffffffffffff4}]}, &(0x7f00000001c0)='GPL\x00', 0xe, 0x58, &(0x7f0000000280)=""/88, 0x41100, 0x0, '\x00', r1, 0x0, r5, 0x8, &(0x7f0000000200)={0x6, 0x2}, 0x8, 0x10, &(0x7f0000000340)={0x0, 0xf, 0x3, 0x1}, 0x10, 0x0, 0x0, 0x1, &(0x7f0000000380)=[r6, r2, r2, 0xffffffffffffffff], &(0x7f0000000400)=[{0x2, 0x2, 0x8000, 0x6}], 0x10, 0x9}, 0x90) readv(r4, &(0x7f00000004c0)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x1) bind$packet(r0, &(0x7f00000014c0)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x0, 0x2, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', r1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x36, &(0x7f00000003c0)={@broadcast, @random='\x00 \x00\x00\x00\b', @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x500, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=ANY=[@ANYBLOB="4c0000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="adfda888000000001c00128009000100766c616e000000000c000280060001000000000008000500", @ANYRES32, @ANYBLOB="080002"], 0x4c}}, 0x0) syz_emit_ethernet(0x9d, &(0x7f0000000000)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @val={@val={0x88a8, 0x4, 0x1, 0x2}, {0x8100, 0x2, 0x1, 0x4}}, {@ipv4={0x800, @tipc={{0x18, 0x4, 0x3, 0x9, 0x87, 0x66, 0x0, 0x80, 0x6, 0x0, @private=0xa010101, @loopback, {[@generic={0x7, 0x8, "2f2518ce19ec"}, @generic={0x0, 0x6, "1ba989df"}, @generic={0x89, 0x2}, @timestamp_addr={0x44, 0x3c, 0xf, 0x1, 0x7, [{@empty, 0x5}, {@loopback, 0x1}, {@loopback, 0x100}, {@local, 0x6}, {@local, 0x71}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa}, {@loopback, 0xc6000000}]}]}}, @payload_direct={{{{0x27, 0x0, 0x1, 0x1, 0x1, 0x8, 0x1, 0x2, 0x6, 0x0, 0x1, 0x5, 0x5, 0x3, 0x800, 0x4, 0x4, 0x4e20, 0x4e24}, 0x2, 0x2}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}, &(0x7f0000000180)={0x0, 0x2, [0x4bd, 0xf5e, 0xd68, 0x8c1]}) 0s ago: executing program 0 (id=1253): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$sock_int(r0, 0x1, 0x48, &(0x7f0000000040), 0x4) syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_open_dev$vcsu(0x0, 0x0, 0x0) (async) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) (async) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) (async) ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000080)=0x2) (async) socket(0x2, 0x0, 0x0) (async) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000100)) (async) socket$inet_sctp(0x2, 0x0, 0x84) (async) socket$kcm(0x10, 0x2, 0x0) r2 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async, rerun: 64) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000040000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 64) r4 = epoll_create1(0x0) io_setup(0x1, &(0x7f0000000000)=0x0) (async) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r4, &(0x7f0000000080)) io_submit(r5, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) r7 = socket$inet_udp(0x2, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r7, &(0x7f0000000000)={0x10000004}) (async, rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) (async, rerun: 32) r8 = openat$cgroup_ro(r2, &(0x7f0000000280)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) ioctl$SIOCSIFHWADDR(r8, 0x40086602, &(0x7f0000000540)={'\x00', @dev}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.current\x00', 0x7a05, 0x1700) (async) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r9, &(0x7f0000000100), 0x1001) (async) r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffff7f850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r10) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) kernel console output (not intermixed with test programs): state [ 322.665428][ T5231] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 322.686207][ T5231] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 322.694761][ T5231] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 322.703049][ T5231] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 322.713086][ T5231] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 322.721422][ T5231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 322.799019][ T9202] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5) [ 322.806874][ T9202] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 322.860430][ T9202] vhci_hcd vhci_hcd.0: Device attached [ 323.171800][ T5228] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 323.421271][ T5228] usb 4-1: Using ep0 maxpacket: 32 [ 323.429057][ T5228] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 323.446045][ T5228] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.479422][ T5228] usb 4-1: config 0 has no interface number 0 [ 323.489164][ T5228] usb 4-1: config 0 interface 8 altsetting 248 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 323.510539][ T5228] usb 4-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10 [ 323.541171][ T5228] usb 4-1: config 0 interface 8 has no altsetting 0 [ 323.594975][ T5228] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb [ 323.608249][ T5228] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.619750][ T5228] usb 4-1: Product: syz [ 323.624073][ T5228] usb 4-1: Manufacturer: syz [ 323.630062][ T9205] vhci_hcd: connection closed [ 323.630393][ T5228] usb 4-1: SerialNumber: syz [ 323.644228][ T5228] usb 4-1: config 0 descriptor?? [ 323.647901][ T62] vhci_hcd: stop threads [ 323.661468][ T62] vhci_hcd: release socket [ 323.691426][ T62] vhci_hcd: disconnect device [ 323.726765][ T2561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.752919][ T2561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.773198][ T2561] bond0 (unregistering): Released all slaves [ 323.861881][ T9207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.932'. [ 323.974436][ T5228] ath6kl: Failed to submit usb control message: -71 [ 323.986481][ T5228] ath6kl: unable to send the bmi data to the device: -71 [ 323.997780][ T5228] ath6kl: Unable to send get target info: -71 [ 324.025383][ T5228] ath6kl: Failed to init ath6kl core: -71 [ 324.035164][ T5228] ath6kl_usb 4-1:0.8: probe with driver ath6kl_usb failed with error -71 [ 324.121216][ T5228] usb 4-1: USB disconnect, device number 34 [ 324.737843][ T2561] hsr_slave_0: left promiscuous mode [ 324.784186][ T2561] hsr_slave_1: left promiscuous mode [ 324.803109][ T2561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 324.829294][ T5230] Bluetooth: hci4: command tx timeout [ 324.858285][ T2561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.882699][ T2561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 324.900755][ T2561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.971177][ T2561] veth1_macvtap: left promiscuous mode [ 324.981686][ T2561] veth0_macvtap: left promiscuous mode [ 324.998977][ T2561] veth1_vlan: left promiscuous mode [ 325.013052][ T5228] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 325.021321][ T2561] veth0_vlan: left promiscuous mode [ 325.225756][ T5228] usb 1-1: Using ep0 maxpacket: 16 [ 325.247306][ T5228] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 325.280486][ T5228] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.296701][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 325.315313][ T5228] usb 1-1: Product: syz [ 325.319744][ T5228] usb 1-1: Manufacturer: syz [ 325.326966][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 325.335080][ T5228] usb 1-1: SerialNumber: syz [ 325.341955][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 325.353898][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 325.362267][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 325.369871][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 325.386213][ T5228] r8152-cfgselector 1-1: Unknown version 0x0000 [ 325.405753][ T5228] r8152-cfgselector 1-1: config 0 descriptor?? [ 325.659303][ T9228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 325.671691][ T9228] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.114955][ T5228] r8152-cfgselector 1-1: Unknown version 0x0000 [ 326.128365][ T5228] r8152-cfgselector 1-1: bad CDC descriptors [ 326.136748][ T2561] team0 (unregistering): Port device team_slave_1 removed [ 326.139624][ T5228] r8152-cfgselector 1-1: USB disconnect, device number 46 [ 326.229535][ T2561] team0 (unregistering): Port device team_slave_0 removed [ 326.901891][ T5230] Bluetooth: hci4: command tx timeout [ 327.230914][ T9203] chnl_net:caif_netlink_parms(): no params data found [ 327.465353][ T5230] Bluetooth: hci1: command tx timeout [ 327.646649][ T9246] delete_channel: no stack [ 327.682407][ T9246] delete_channel: no stack [ 328.205319][ T9203] bridge0: port 1(bridge_slave_0) entered blocking state [ 328.231677][ T9203] bridge0: port 1(bridge_slave_0) entered disabled state [ 328.239013][ T9203] bridge_slave_0: entered allmulticast mode [ 328.302958][ T9203] bridge_slave_0: entered promiscuous mode [ 328.329347][ T9203] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.355723][ T9203] bridge0: port 2(bridge_slave_1) entered disabled state [ 328.371361][ T9280] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 328.378667][ T9280] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 328.389619][ T9203] bridge_slave_1: entered allmulticast mode [ 328.411946][ T9203] bridge_slave_1: entered promiscuous mode [ 328.425598][ T9280] vhci_hcd vhci_hcd.0: Device attached [ 328.439738][ T9245] chnl_net:caif_netlink_parms(): no params data found [ 328.491795][ T9282] usbip_core: unknown command [ 328.521540][ T9282] vhci_hcd: unknown pdu 3020988904 [ 328.539112][ T9282] usbip_core: unknown command [ 328.557665][ T1106] vhci_hcd: stop threads [ 328.565859][ T1106] vhci_hcd: release socket [ 328.633591][ T1106] vhci_hcd: disconnect device [ 328.701776][ T5295] usb 15-1: new high-speed USB device number 4 using vhci_hcd [ 328.782587][ T5295] usb 15-1: enqueue for inactive port 0 [ 328.808105][ T9203] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 328.901464][ T5295] vhci_hcd: vhci_device speed not set [ 328.981602][ T5230] Bluetooth: hci4: command tx timeout [ 329.015202][ T2561] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.058827][ T9203] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 329.221732][ T8] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 329.308380][ T2561] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.401976][ T9203] team0: Port device team_slave_0 added [ 329.441161][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 329.448395][ T2561] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.464124][ T8] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 329.464161][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.464185][ T8] usb 2-1: Product: syz [ 329.464202][ T8] usb 2-1: Manufacturer: syz [ 329.464220][ T8] usb 2-1: SerialNumber: syz [ 329.509452][ T8] r8152-cfgselector 2-1: Unknown version 0x0000 [ 329.526451][ T8] r8152-cfgselector 2-1: config 0 descriptor?? [ 329.551449][ T5230] Bluetooth: hci1: command tx timeout [ 329.660949][ T9203] team0: Port device team_slave_1 added [ 329.759861][ T2561] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.790987][ T9245] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.800046][ T9297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 329.806851][ T9245] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.836834][ T9245] bridge_slave_0: entered allmulticast mode [ 329.853590][ T9297] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.884165][ T9245] bridge_slave_0: entered promiscuous mode [ 329.963285][ T9203] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 329.982043][ T9203] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.029361][ T9203] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 330.060178][ T9245] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.090585][ T9245] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.171695][ T9245] bridge_slave_1: entered allmulticast mode [ 330.219703][ T9245] bridge_slave_1: entered promiscuous mode [ 330.333730][ T9203] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 330.367179][ T8] r8152-cfgselector 2-1: Unknown version 0x0000 [ 330.401201][ T9203] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 330.431364][ T8] r8152-cfgselector 2-1: bad CDC descriptors [ 330.453543][ T8] r8152-cfgselector 2-1: USB disconnect, device number 25 [ 330.500118][ T9203] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 330.547849][ T9245] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 330.593349][ T5280] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 330.729255][ T9245] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 330.814643][ T5280] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 330.842767][ T9203] hsr_slave_0: entered promiscuous mode [ 330.862053][ T9203] hsr_slave_1: entered promiscuous mode [ 330.871370][ T5280] usb 1-1: config 0 has no interfaces? [ 330.871429][ T5280] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 330.871461][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.883344][ T5280] usb 1-1: config 0 descriptor?? [ 331.061337][ T5230] Bluetooth: hci4: command tx timeout [ 331.071526][ T9245] team0: Port device team_slave_0 added [ 331.218316][ T9245] team0: Port device team_slave_1 added [ 331.252740][ T2561] bridge_slave_1: left allmulticast mode [ 331.258471][ T2561] bridge_slave_1: left promiscuous mode [ 331.290779][ T2561] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.320321][ T2561] bridge_slave_0: left allmulticast mode [ 331.333250][ T9335] FAULT_INJECTION: forcing a failure. [ 331.333250][ T9335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 331.349016][ T2561] bridge_slave_0: left promiscuous mode [ 331.359774][ T2561] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.370342][ T9335] CPU: 0 UID: 0 PID: 9335 Comm: syz.3.956 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 331.385706][ T9335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 331.397204][ T9335] Call Trace: [ 331.400521][ T9335] [ 331.403491][ T9335] dump_stack_lvl+0x241/0x360 [ 331.408225][ T9335] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.413488][ T9335] ? __pfx__printk+0x10/0x10 [ 331.418151][ T9335] ? snprintf+0xda/0x120 [ 331.422466][ T9335] should_fail_ex+0x3b0/0x4e0 [ 331.427212][ T9335] _copy_to_user+0x2f/0xb0 [ 331.431679][ T9335] simple_read_from_buffer+0xca/0x150 [ 331.437119][ T9335] proc_fail_nth_read+0x1e9/0x250 [ 331.442223][ T9335] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.447840][ T9335] ? rw_verify_area+0x520/0x6b0 [ 331.452846][ T9335] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 331.459336][ T9335] vfs_read+0x204/0xbc0 [ 331.463556][ T9335] ? __pfx_lock_release+0x10/0x10 [ 331.469112][ T9335] ? __pfx_vfs_read+0x10/0x10 [ 331.474041][ T9335] ? __fget_files+0x29/0x470 [ 331.478851][ T9335] ? __fget_files+0x3f6/0x470 [ 331.483687][ T9335] ksys_read+0x1a0/0x2c0 [ 331.487991][ T9335] ? __pfx_ksys_read+0x10/0x10 [ 331.492789][ T9335] ? do_syscall_64+0x100/0x230 [ 331.497580][ T9335] ? do_syscall_64+0xb6/0x230 [ 331.502281][ T9335] do_syscall_64+0xf3/0x230 [ 331.506807][ T9335] ? clear_bhb_loop+0x35/0x90 [ 331.511519][ T9335] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 331.517437][ T9335] RIP: 0033:0x7fe236b75d7c [ 331.521872][ T9335] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 331.542333][ T9335] RSP: 002b:00007fe237898040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 331.553769][ T9335] RAX: ffffffffffffffda RBX: 00007fe236d05f80 RCX: 00007fe236b75d7c [ 331.565907][ T9335] RDX: 000000000000000f RSI: 00007fe2378980b0 RDI: 0000000000000005 [ 331.579535][ T9335] RBP: 00007fe2378980a0 R08: 0000000000000000 R09: 0000000000000000 [ 331.590319][ T9335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 331.607042][ T9335] R13: 000000000000000b R14: 00007fe236d05f80 R15: 00007fe236e2fa38 [ 331.615168][ T9335] [ 331.624185][ T5231] Bluetooth: hci1: command tx timeout [ 331.859482][ T9342] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma? [ 332.115454][ T29] audit: type=1326 audit(1722380742.475:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9343 comm="syz.3.958" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 332.523640][ T2561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 332.573998][ T2561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.613470][ T2561] bond0 (unregistering): Released all slaves [ 332.718989][ T25] usb 1-1: USB disconnect, device number 47 [ 333.072607][ T9245] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.090498][ T9245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.161386][ T9245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.172368][ T9351] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5) [ 333.178926][ T9351] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 333.217248][ T9245] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.218597][ T9351] vhci_hcd vhci_hcd.0: Device attached [ 333.233879][ T9245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.323431][ T9245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 333.462602][ T9358] FAULT_INJECTION: forcing a failure. [ 333.462602][ T9358] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 333.481337][ T5279] usb 15-1: new high-speed USB device number 5 using vhci_hcd [ 333.569024][ T9358] CPU: 0 UID: 0 PID: 9358 Comm: syz.0.962 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 333.579669][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 333.589750][ T9358] Call Trace: [ 333.593065][ T9358] [ 333.596002][ T9358] dump_stack_lvl+0x241/0x360 [ 333.600709][ T9358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 333.605927][ T9358] ? __pfx__printk+0x10/0x10 [ 333.610537][ T9358] should_fail_ex+0x3b0/0x4e0 [ 333.615251][ T9358] prepare_alloc_pages+0x1da/0x5d0 [ 333.620414][ T9358] __alloc_pages_noprof+0x166/0x6c0 [ 333.630363][ T9358] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 333.637433][ T9358] ? __pfx_lock_release+0x10/0x10 [ 333.648515][ T9358] alloc_pages_mpol_noprof+0x3e8/0x680 [ 333.655685][ T9358] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 333.662852][ T9358] vma_alloc_folio_noprof+0x12e/0x230 [ 333.673076][ T9358] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 333.684979][ T9358] ? __anon_vma_prepare+0x3e5/0x4a0 [ 333.692701][ T9358] folio_prealloc+0x31/0x170 [ 333.698266][ T9358] do_wp_page+0x11cc/0x52f0 [ 333.704697][ T9358] ? __pfx_do_wp_page+0x10/0x10 [ 333.711197][ T9358] ? __pfx_lock_acquire+0x10/0x10 [ 333.719509][ T9358] ? do_raw_spin_lock+0x14f/0x370 [ 333.729943][ T9358] handle_pte_fault+0x1138/0x6eb0 [ 333.739207][ T9358] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 333.744966][ T9358] ? mark_lock+0x9a/0x350 [ 333.749347][ T9358] ? __pfx_handle_pte_fault+0x10/0x10 [ 333.754769][ T9358] ? __lock_acquire+0x137a/0x2040 [ 333.759949][ T9358] ? mt_find+0x226/0x850 [ 333.764234][ T9358] ? __pfx_lock_release+0x10/0x10 [ 333.769304][ T9358] handle_mm_fault+0x1029/0x1980 [ 333.774834][ T9358] ? __pfx_handle_mm_fault+0x10/0x10 [ 333.780156][ T9358] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 333.786525][ T9358] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 333.791837][ T9358] exc_page_fault+0x2b9/0x8c0 [ 333.796558][ T9358] asm_exc_page_fault+0x26/0x30 [ 333.802215][ T9358] RIP: 0010:__put_user_4+0x11/0x20 [ 333.807357][ T9358] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 333.811295][ T25] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 333.826972][ T9358] RSP: 0018:ffffc9000bb47cb0 EFLAGS: 00050206 [ 333.827132][ T9358] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000020000000 [ 333.827150][ T9358] RDX: 0000000000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c6059c0 [ 333.827168][ T9358] RBP: 0000000000000000 R08: ffffffff9017a16f R09: 1ffffffff202f42d [ 333.827185][ T9358] R10: dffffc0000000000 R11: fffffbfff202f42e R12: ffff88802d197534 [ 333.827205][ T9358] R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000020000000 [ 333.827244][ T9358] raw_getsockopt+0x308/0x4e0 [ 333.827286][ T9358] ? __pfx_raw_getsockopt+0x10/0x10 [ 333.827325][ T9358] do_sock_getsockopt+0x373/0x850 [ 333.827374][ T9358] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 333.827416][ T9358] ? __fget_files+0x3f6/0x470 [ 333.827466][ T9358] __sys_getsockopt+0x271/0x330 [ 333.827512][ T9358] ? __pfx___sys_getsockopt+0x10/0x10 [ 333.827565][ T9358] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 333.827604][ T9358] ? do_syscall_64+0x100/0x230 [ 333.827640][ T9358] __x64_sys_getsockopt+0xb5/0xd0 [ 333.827683][ T9358] do_syscall_64+0xf3/0x230 [ 333.827716][ T9358] ? clear_bhb_loop+0x35/0x90 [ 333.827766][ T9358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.951862][ T9358] RIP: 0033:0x7f3893d77299 [ 333.956377][ T9358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 333.976453][ T9358] RSP: 002b:00007f3894b56048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 333.984914][ T9358] RAX: ffffffffffffffda RBX: 00007f3893f05f80 RCX: 00007f3893d77299 [ 333.993949][ T9358] RDX: 0000000000000007 RSI: 0000000000000065 RDI: 0000000000000003 [ 334.003782][ T9358] RBP: 00007f3894b560a0 R08: 0000000020000000 R09: 0000000000000000 [ 334.012711][ T9358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 334.020883][ T9358] R13: 000000000000000b R14: 00007f3893f05f80 R15: 00007f389402fa38 [ 334.028898][ T9358] [ 334.046556][ T5231] Bluetooth: hci1: command tx timeout [ 334.124344][ T9352] vhci_hcd: connection reset by peer [ 334.174421][ T3393] vhci_hcd: stop threads [ 334.179144][ T3393] vhci_hcd: release socket [ 334.190004][ T2561] hsr_slave_0: left promiscuous mode [ 334.209895][ T3393] vhci_hcd: disconnect device [ 334.225078][ T2561] hsr_slave_1: left promiscuous mode [ 334.250245][ T2561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.281216][ T2561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.322168][ T2561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.339172][ T2561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.347679][ T25] usb 2-1: Using ep0 maxpacket: 16 [ 334.375761][ T25] usb 2-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 334.415900][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.435599][ T25] usb 2-1: Product: syz [ 334.444267][ T2561] veth1_macvtap: left promiscuous mode [ 334.460128][ T25] usb 2-1: Manufacturer: syz [ 334.465450][ T25] usb 2-1: SerialNumber: syz [ 334.471765][ T2561] veth0_macvtap: left promiscuous mode [ 334.483457][ T2561] veth1_vlan: left promiscuous mode [ 334.489916][ T25] usb 2-1: config 0 descriptor?? [ 334.499396][ T2561] veth0_vlan: left promiscuous mode [ 334.518483][ T25] gspca_main: conex-2.14.0 probing 0572:0041 [ 334.551329][ T5280] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 334.751287][ T5280] usb 1-1: Using ep0 maxpacket: 16 [ 334.789023][ T5280] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 334.814931][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.833751][ T5280] usb 1-1: Product: syz [ 334.846528][ T5280] usb 1-1: Manufacturer: syz [ 334.861471][ T5280] usb 1-1: SerialNumber: syz [ 334.882566][ T5280] r8152-cfgselector 1-1: Unknown version 0x0000 [ 334.903372][ T5280] r8152-cfgselector 1-1: config 0 descriptor?? [ 335.037487][ T25] usb 2-1: USB disconnect, device number 26 [ 335.226043][ T9381] xt_HMARK: spi-set and port-set can't be combined [ 335.558493][ T5280] r8152-cfgselector 1-1: Unknown version 0x0000 [ 335.583161][ T5280] r8152-cfgselector 1-1: bad CDC descriptors [ 335.607704][ T5280] r8152-cfgselector 1-1: USB disconnect, device number 48 [ 335.987552][ T2561] team0 (unregistering): Port device team_slave_1 removed [ 336.098474][ T2561] team0 (unregistering): Port device team_slave_0 removed [ 337.452046][ T9387] netlink: 'syz.1.966': attribute type 10 has an invalid length. [ 337.476988][ T9387] netlink: 40 bytes leftover after parsing attributes in process `syz.1.966'. [ 337.528637][ T9387] bridge0: port 3(ipvlan1) entered blocking state [ 337.556225][ T9387] bridge0: port 3(ipvlan1) entered disabled state [ 337.601048][ T9387] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 337.698186][ T9245] hsr_slave_0: entered promiscuous mode [ 337.705608][ T9245] hsr_slave_1: entered promiscuous mode [ 337.725782][ T9245] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 337.733966][ T9245] Cannot create hsr debugfs directory [ 338.035439][ T9408] xt_ecn: cannot match TCP bits for non-tcp packets [ 338.272600][ T29] audit: type=1326 audit(1722380748.635:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9411 comm="syz.1.974" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f940c977299 code=0x0 [ 338.497692][ T9414] netlink: 'syz.0.973': attribute type 10 has an invalid length. [ 338.505735][ T9414] netlink: 40 bytes leftover after parsing attributes in process `syz.0.973'. [ 338.520649][ T9414] bridge0: port 3(ipvlan1) entered blocking state [ 338.535371][ T9414] bridge0: port 3(ipvlan1) entered disabled state [ 338.550501][ T9414] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 338.551230][ T5228] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 338.661819][ T5279] vhci_hcd: vhci_device speed not set [ 338.790901][ T5228] usb 4-1: no configurations [ 338.816745][ T5228] usb 4-1: can't read configurations, error -22 [ 339.029190][ T5228] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 339.292971][ T5228] usb 4-1: no configurations [ 339.317646][ T5228] usb 4-1: can't read configurations, error -22 [ 339.357459][ T5228] usb usb4-port1: attempt power cycle [ 339.491278][ T5295] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 339.702171][ T5295] usb 2-1: Using ep0 maxpacket: 16 [ 339.735473][ T5295] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 339.769981][ T5295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.805730][ T5295] usb 2-1: Product: syz [ 339.822453][ T5228] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 339.837377][ T5295] usb 2-1: Manufacturer: syz [ 339.852552][ T5295] usb 2-1: SerialNumber: syz [ 339.885499][ T5295] r8152-cfgselector 2-1: Unknown version 0x0000 [ 339.900232][ T5228] usb 4-1: no configurations [ 339.913562][ T5295] r8152-cfgselector 2-1: config 0 descriptor?? [ 339.938153][ T5228] usb 4-1: can't read configurations, error -22 [ 340.113780][ T5228] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 340.185294][ T5228] usb 4-1: no configurations [ 340.208869][ T5228] usb 4-1: can't read configurations, error -22 [ 340.220900][ T5228] usb usb4-port1: unable to enumerate USB device [ 340.406754][ T9245] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 340.450453][ T9245] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 340.493874][ T9245] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 340.534171][ T9245] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 340.574071][ T5295] r8152-cfgselector 2-1: Unknown version 0x0000 [ 340.602177][ T5295] r8152-cfgselector 2-1: bad CDC descriptors [ 340.644827][ T5295] r8152-cfgselector 2-1: USB disconnect, device number 27 [ 340.867660][ T9203] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 340.909938][ T9203] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 340.952728][ T9203] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 340.983570][ T9203] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 341.055428][ T29] audit: type=1326 audit(1722380751.415:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9441 comm="syz.0.978" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3893d77299 code=0x0 [ 341.392893][ T9449] xt_HMARK: spi-set and port-set can't be combined [ 341.408003][ T9245] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.458021][ T9203] 8021q: adding VLAN 0 to HW filter on device bond0 [ 341.584008][ T9245] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.622557][ T5280] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.629859][ T5280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.652631][ T5280] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.660117][ T5280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 341.694814][ T9203] 8021q: adding VLAN 0 to HW filter on device team0 [ 341.813253][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.820534][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 341.936859][ T25] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.944873][ T25] bridge0: port 2(bridge_slave_1) entered forwarding state [ 342.370765][ T9203] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.470415][ T29] audit: type=1326 audit(1722380752.825:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9466 comm="syz.3.983" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 342.503025][ C0] vkms_vblank_simulate: vblank timer overrun [ 342.596413][ T9245] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 342.857617][ T9203] veth0_vlan: entered promiscuous mode [ 342.933202][ T9203] veth1_vlan: entered promiscuous mode [ 343.069939][ T9245] veth0_vlan: entered promiscuous mode [ 343.157128][ T9245] veth1_vlan: entered promiscuous mode [ 343.274868][ T9203] veth0_macvtap: entered promiscuous mode [ 343.360325][ T9203] veth1_macvtap: entered promiscuous mode [ 343.453400][ T9245] veth0_macvtap: entered promiscuous mode [ 343.488040][ T9245] veth1_macvtap: entered promiscuous mode [ 343.555002][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.577152][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.598810][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.620217][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.642626][ T9203] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 343.718321][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.731956][ T5295] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 343.740986][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.757964][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.771233][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.781945][ T9203] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 343.803753][ T9203] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.840399][ T9203] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 343.875871][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 343.932407][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 343.971204][ T5295] usb 4-1: Using ep0 maxpacket: 16 [ 344.001671][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.026896][ T5295] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 344.047814][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.058451][ T5295] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 344.075651][ T5295] usb 4-1: Product: syz [ 344.080453][ T5295] usb 4-1: Manufacturer: syz [ 344.086755][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 344.086758][ T5295] usb 4-1: SerialNumber: syz [ 344.086782][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.129470][ T5295] r8152-cfgselector 4-1: Unknown version 0x0000 [ 344.143125][ T5295] r8152-cfgselector 4-1: config 0 descriptor?? [ 344.144805][ T9245] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 344.189912][ T9203] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.238367][ T9203] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.290688][ T29] audit: type=1326 audit(1722380754.645:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9500 comm="syz.0.989" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3893d77299 code=0x0 [ 344.311341][ T9203] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.322222][ T9203] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.357428][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.379532][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.390582][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.405258][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.415994][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.432858][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.445675][ T9245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 344.477677][ T9245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 344.522351][ T9245] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 344.668475][ T9245] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.702483][ T9245] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.713639][ T9245] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.725850][ T9245] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 344.903739][ T5295] r8152-cfgselector 4-1: Unknown version 0x0000 [ 344.933064][ T5295] r8152-cfgselector 4-1: bad CDC descriptors [ 344.976412][ T5295] r8152-cfgselector 4-1: USB disconnect, device number 39 [ 344.985116][ T2547] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.026541][ T2547] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.151752][ T3393] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.178723][ T3393] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.290661][ T9520] xt_HMARK: spi-set and port-set can't be combined [ 345.314385][ T3393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.343292][ T3393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.422279][ T1106] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 345.447304][ T1106] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 345.476078][ T9526] usb usb8: usbfs: process 9526 (syz.2.924) did not claim interface 0 before use [ 345.651612][ T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 345.787699][ T9538] nvme_fabrics: unknown parameter or missing value ']' in ctrl creation request [ 345.821697][ C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 345.842198][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 345.868906][ T9] usb 2-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 345.903029][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.943644][ T9] usb 2-1: Product: syz [ 345.964219][ T9] usb 2-1: Manufacturer: syz [ 345.985812][ T9] usb 2-1: SerialNumber: syz [ 346.016458][ T9] usb 2-1: config 0 descriptor?? [ 346.058811][ T9] gspca_main: conex-2.14.0 probing 0572:0041 [ 346.238976][ T29] audit: type=1326 audit(1722380756.595:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9542 comm="syz.2.996" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f26adb77299 code=0x0 [ 346.571825][ T9] usb 2-1: USB disconnect, device number 28 [ 346.584233][ T9553] FAULT_INJECTION: forcing a failure. [ 346.584233][ T9553] name failslab, interval 1, probability 0, space 0, times 0 [ 346.636430][ T9553] CPU: 1 UID: 0 PID: 9553 Comm: syz.4.998 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 346.647097][ T9553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 346.659367][ T9553] Call Trace: [ 346.663329][ T9553] [ 346.666335][ T9553] dump_stack_lvl+0x241/0x360 [ 346.671166][ T9553] ? __pfx_dump_stack_lvl+0x10/0x10 [ 346.676950][ T9553] ? __pfx__printk+0x10/0x10 [ 346.681590][ T9553] ? __kmalloc_node_noprof+0xb7/0x440 [ 346.687013][ T9553] ? __pfx___might_resched+0x10/0x10 [ 346.692358][ T9553] should_fail_ex+0x3b0/0x4e0 [ 346.697106][ T9553] should_failslab+0xac/0x100 [ 346.702017][ T9553] __kmalloc_node_noprof+0xdf/0x440 [ 346.707259][ T9553] ? allocate_slab+0xb6/0x2f0 [ 346.712001][ T9553] allocate_slab+0xb6/0x2f0 [ 346.717780][ T9553] ___slab_alloc+0xcd1/0x14b0 [ 346.722521][ T9553] ? __anon_vma_prepare+0x117/0x4a0 [ 346.727777][ T9553] ? __anon_vma_prepare+0x117/0x4a0 [ 346.733021][ T9553] __slab_alloc+0x58/0xa0 [ 346.737377][ T9553] ? __anon_vma_prepare+0x117/0x4a0 [ 346.742597][ T9553] kmem_cache_alloc_noprof+0x1c1/0x2a0 [ 346.748137][ T9553] __anon_vma_prepare+0x117/0x4a0 [ 346.753177][ T9553] handle_pte_fault+0x5788/0x6eb0 [ 346.758249][ T9553] ? __pfx_handle_pte_fault+0x10/0x10 [ 346.763666][ T9553] ? __pfx_lock_acquire+0x10/0x10 [ 346.768829][ T9553] ? __pmd_alloc+0x507/0x630 [ 346.773478][ T9553] ? __pfx_lock_release+0x10/0x10 [ 346.778554][ T9553] ? do_raw_spin_lock+0x14f/0x370 [ 346.783635][ T9553] ? do_raw_spin_unlock+0x13c/0x8b0 [ 346.788900][ T9553] ? _raw_spin_unlock+0x28/0x50 [ 346.793794][ T9553] ? __pmd_alloc+0x507/0x630 [ 346.798527][ T9553] ? __pfx___pmd_alloc+0x10/0x10 [ 346.803541][ T9553] ? __pfx_lock_release+0x10/0x10 [ 346.808634][ T9553] handle_mm_fault+0x1029/0x1980 [ 346.813778][ T9553] ? __pfx_handle_mm_fault+0x10/0x10 [ 346.819137][ T9553] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 346.825541][ T9553] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 346.831233][ T9553] exc_page_fault+0x2b9/0x8c0 [ 346.836180][ T9553] asm_exc_page_fault+0x26/0x30 [ 346.842583][ T9553] RIP: 0010:__put_user_4+0x11/0x20 [ 346.849315][ T9553] Code: 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 [ 346.875925][ T9553] RSP: 0018:ffffc900043f7dd8 EFLAGS: 00050202 [ 346.882757][ T9553] RAX: 0000000000000004 RBX: 0000000000000000 RCX: 0000000020000040 [ 346.890873][ T9553] RDX: 0000000000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c6059c0 [ 346.899370][ T9553] RBP: ffffc900043f7ed0 R08: ffffffff9017a16f R09: 1ffffffff202f42d [ 346.909741][ T9553] R10: dffffc0000000000 R11: fffffbfff202f42e R12: 0000000000000000 [ 346.921913][ T9553] R13: 1ffff9200087efc4 R14: 1ffff9200087efcc R15: 0000000020000040 [ 346.930585][ T9553] __sys_socketpair+0x186/0x720 [ 346.935544][ T9553] ? __pfx___sys_socketpair+0x10/0x10 [ 346.940993][ T9553] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 346.947057][ T9553] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 346.953461][ T9553] ? do_syscall_64+0x100/0x230 [ 346.958301][ T9553] __x64_sys_socketpair+0x9b/0xb0 [ 346.963403][ T9553] do_syscall_64+0xf3/0x230 [ 346.967982][ T9553] ? clear_bhb_loop+0x35/0x90 [ 346.972737][ T9553] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 346.978781][ T9553] RIP: 0033:0x7ffbbf577299 [ 346.983246][ T9553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 346.992785][ T29] audit: type=1326 audit(1722380757.155:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9556 comm="syz.3.999" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 347.004995][ T9553] RSP: 002b:00007ffbc03d6048 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 347.005038][ T9553] RAX: ffffffffffffffda RBX: 00007ffbbf705f80 RCX: 00007ffbbf577299 [ 347.005059][ T9553] RDX: 0000000000000007 RSI: 0000000000000002 RDI: 000000000000001d [ 347.005075][ T9553] RBP: 00007ffbc03d60a0 R08: 0000000000000000 R09: 0000000000000000 [ 347.005091][ T9553] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 347.005108][ T9553] R13: 000000000000000b R14: 00007ffbbf705f80 R15: 00007ffbbf82fa38 [ 347.005146][ T9553] [ 347.946910][ T9586] usb usb8: usbfs: process 9586 (syz.2.1005) did not claim interface 0 before use [ 348.051209][ T9] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 348.244939][ T9596] xt_HMARK: spi-set and port-set can't be combined [ 348.313216][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 348.348584][ T9598] nvme_fabrics: unknown parameter or missing value ']' in ctrl creation request [ 348.352210][ T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 348.376582][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.386892][ T9] usb 4-1: Product: syz [ 348.394745][ T9] usb 4-1: Manufacturer: syz [ 348.399690][ T9] usb 4-1: SerialNumber: syz [ 348.444264][ T9] r8152-cfgselector 4-1: Unknown version 0x0000 [ 348.491220][ T9] r8152-cfgselector 4-1: config 0 descriptor?? [ 348.797163][ T9583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 348.825274][ T9583] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 349.288212][ T9] r8152-cfgselector 4-1: Unknown version 0x0000 [ 349.308203][ T9] r8152-cfgselector 4-1: bad CDC descriptors [ 349.334155][ T9] r8152-cfgselector 4-1: USB disconnect, device number 40 [ 349.380385][ T25] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 349.561234][ T9621] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 349.601314][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 349.620264][ T25] usb 3-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 349.638104][ T29] audit: type=1326 audit(1722380759.995:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9618 comm="syz.1.1013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f940c977299 code=0x0 [ 349.682854][ T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.746016][ T25] usb 3-1: Product: syz [ 349.757933][ T25] usb 3-1: Manufacturer: syz [ 349.775570][ T25] usb 3-1: SerialNumber: syz [ 349.813772][ T25] usb 3-1: config 0 descriptor?? [ 349.840568][ T25] gspca_main: conex-2.14.0 probing 0572:0041 [ 350.339817][ T25] usb 3-1: USB disconnect, device number 41 [ 350.423146][ T5230] Bluetooth: hci0: command 0x0406 tx timeout [ 350.886205][ T9645] usb usb8: usbfs: process 9645 (syz.1.1018) did not claim interface 0 before use [ 351.529118][ T9635] delete_channel: no stack [ 351.555600][ T9635] delete_channel: no stack [ 351.562664][ T9662] xt_HMARK: spi-set and port-set can't be combined [ 351.986937][ T5277] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 352.184653][ T5277] usb 2-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config [ 352.231251][ T5277] usb 2-1: New USB device found, idVendor=045e, idProduct=00f4, bcdDevice=d5.51 [ 352.240408][ T5277] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.270065][ T1193] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 352.305100][ T5277] usb 2-1: config 0 descriptor?? [ 352.338010][ T5277] gspca_main: gspca_sn9c20x-2.14.0 probing 045e:00f4 [ 352.481674][ T1193] usb 1-1: Using ep0 maxpacket: 16 [ 352.502260][ T1193] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 352.542964][ T1193] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.587189][ T1193] usb 1-1: Product: syz [ 352.618385][ T1193] usb 1-1: Manufacturer: syz [ 352.628880][ T1193] usb 1-1: SerialNumber: syz [ 352.677435][ T1193] r8152-cfgselector 1-1: Unknown version 0x0000 [ 352.705159][ T1193] r8152-cfgselector 1-1: config 0 descriptor?? [ 352.719700][ T5231] Bluetooth: Unexpected continuation frame (len 24) [ 352.989280][ T9679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.050466][ T9679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.062070][ T5277] gspca_sn9c20x: Write register 1001 failed -110 [ 353.068504][ T5277] gspca_sn9c20x: Device initialization failed [ 353.099019][ T5277] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -110 [ 353.208584][ T9672] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.234944][ T9672] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.248519][ T9704] usb usb8: usbfs: process 9704 (syz.3.1030) did not claim interface 0 before use [ 353.540432][ T9] usb 2-1: USB disconnect, device number 29 [ 353.580295][ T1193] r8152-cfgselector 1-1: Unknown version 0x0000 [ 353.615084][ T9708] Cannot find add_set index 0 as target [ 353.622566][ T1193] r8152-cfgselector 1-1: bad CDC descriptors [ 353.632269][ T5231] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 353.643362][ T5231] Bluetooth: hci1: Injecting HCI hardware error event [ 353.658160][ T5230] Bluetooth: hci1: hardware error 0x00 [ 353.701423][ T1193] r8152-cfgselector 1-1: USB disconnect, device number 49 [ 353.760097][ T29] audit: type=1326 audit(1722380764.105:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9705 comm="syz.3.1031" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 353.813890][ T29] audit: type=1326 audit(1722380764.175:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9710 comm="syz.4.1032" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffbbf577299 code=0x0 [ 354.152741][ T9724] xt_HMARK: spi-set and port-set can't be combined [ 354.560971][ T9736] usb usb8: usbfs: process 9736 (syz.0.1041) did not claim interface 0 before use [ 355.847642][ T9746] delete_channel: no stack [ 355.861846][ T5230] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 355.880498][ T9746] delete_channel: no stack [ 356.257301][ T1106] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.327250][ T9768] usb usb8: usbfs: process 9768 (syz.1.1052) did not claim interface 0 before use [ 356.425531][ T1106] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.521699][ T1106] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.677198][ T1106] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 357.358130][ T1106] bridge_slave_1: left allmulticast mode [ 357.424751][ T1106] bridge_slave_1: left promiscuous mode [ 357.466868][ T1106] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.520774][ T1106] bridge_slave_0: left allmulticast mode [ 357.550216][ T1106] bridge_slave_0: left promiscuous mode [ 357.591882][ T1106] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.661375][ T5277] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 357.743797][ T5231] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 357.755757][ T5231] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 357.773775][ T5231] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 357.790489][ T5231] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 357.799701][ T5231] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 357.809388][ T5231] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 357.855573][ T9773] delete_channel: no stack [ 357.864209][ T9773] delete_channel: no stack [ 357.871586][ T5277] usb 1-1: Using ep0 maxpacket: 16 [ 357.888306][ T5277] usb 1-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 357.898807][ T5277] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.909164][ T5277] usb 1-1: Product: syz [ 357.921690][ T5277] usb 1-1: Manufacturer: syz [ 357.930344][ T5277] usb 1-1: SerialNumber: syz [ 357.962938][ T5277] usb 1-1: config 0 descriptor?? [ 358.048048][ T5277] usb 1-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 358.213313][ T2547] usb 1-1: Failed to submit usb control message: -71 [ 358.213689][ T5297] usb 1-1: USB disconnect, device number 50 [ 358.239775][ T2547] usb 1-1: unable to send the bmi data to the device: -71 [ 358.253095][ T2547] usb 1-1: unable to get target info from device [ 358.259762][ T2547] usb 1-1: could not get target info (-71) [ 358.279803][ T2547] usb 1-1: could not probe fw (-71) [ 358.676574][ T9809] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 359.252025][ T9829] usb usb8: usbfs: process 9829 (syz.0.1063) did not claim interface 0 before use [ 359.633360][ T1106] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 359.634004][ T9834] usb usb8: usbfs: process 9834 (syz.1.1065) did not claim interface 0 before use [ 359.660659][ T1106] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 359.688266][ T1106] bond0 (unregistering): Released all slaves [ 359.864682][ T5230] Bluetooth: hci4: command tx timeout [ 359.896729][ T9837] sctp: [Deprecated]: syz.4.1066 (pid 9837) Use of struct sctp_assoc_value in delayed_ack socket option. [ 359.896729][ T9837] Use struct sctp_sack_info instead [ 360.030579][ T9843] FAULT_INJECTION: forcing a failure. [ 360.030579][ T9843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 360.045622][ T9843] CPU: 1 UID: 0 PID: 9843 Comm: syz.0.1068 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 360.056358][ T9843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 360.066805][ T9843] Call Trace: [ 360.070129][ T9843] [ 360.073190][ T9843] dump_stack_lvl+0x241/0x360 [ 360.077920][ T9843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 360.083186][ T9843] ? __pfx__printk+0x10/0x10 [ 360.088102][ T9843] ? snprintf+0xda/0x120 [ 360.092397][ T9843] should_fail_ex+0x3b0/0x4e0 [ 360.097223][ T9843] _copy_to_user+0x2f/0xb0 [ 360.101698][ T9843] simple_read_from_buffer+0xca/0x150 [ 360.107126][ T9843] proc_fail_nth_read+0x1e9/0x250 [ 360.112198][ T9843] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 360.117789][ T9843] ? rw_verify_area+0x520/0x6b0 [ 360.121342][ T9841] usb usb8: usbfs: process 9841 (syz.3.1067) did not claim interface 0 before use [ 360.122659][ T9843] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 360.137428][ T9843] vfs_read+0x204/0xbc0 [ 360.141627][ T9843] ? __pfx_lock_release+0x10/0x10 [ 360.146704][ T9843] ? __pfx_vfs_read+0x10/0x10 [ 360.151422][ T9843] ? trace_contention_end+0x3c/0x120 [ 360.156842][ T9843] ? __fget_files+0x29/0x470 [ 360.161906][ T9843] ? __fget_files+0x3f6/0x470 [ 360.166782][ T9843] ksys_read+0x1a0/0x2c0 [ 360.171098][ T9843] ? __pfx_ksys_read+0x10/0x10 [ 360.175926][ T9843] ? do_syscall_64+0x100/0x230 [ 360.180843][ T9843] ? do_syscall_64+0xb6/0x230 [ 360.185594][ T9843] do_syscall_64+0xf3/0x230 [ 360.190173][ T9843] ? clear_bhb_loop+0x35/0x90 [ 360.195544][ T9843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.202118][ T9843] RIP: 0033:0x7f3893d75d7c [ 360.206958][ T9843] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 360.227584][ T9843] RSP: 002b:00007f3894b56040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 360.238063][ T9843] RAX: ffffffffffffffda RBX: 00007f3893f05f80 RCX: 00007f3893d75d7c [ 360.247516][ T9843] RDX: 000000000000000f RSI: 00007f3894b560b0 RDI: 0000000000000005 [ 360.256387][ T9843] RBP: 00007f3894b560a0 R08: 0000000000000000 R09: 0000000000000000 [ 360.264933][ T9843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 360.273573][ T9843] R13: 000000000000000b R14: 00007f3893f05f80 R15: 00007f389402fa38 [ 360.282239][ T9843] [ 360.567922][ T9790] chnl_net:caif_netlink_parms(): no params data found [ 360.753657][ T29] audit: type=1326 audit(1722380771.105:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.3.1071" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 361.128724][ T1106] hsr_slave_0: left promiscuous mode [ 361.190080][ T1106] hsr_slave_1: left promiscuous mode [ 361.246403][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.286344][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 361.348092][ T1106] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 361.495742][ T1106] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 361.635594][ T1106] veth1_macvtap: left promiscuous mode [ 361.666725][ T1106] veth0_macvtap: left promiscuous mode [ 361.697314][ T1106] veth1_vlan: left promiscuous mode [ 361.702832][ T9891] usb usb8: usbfs: process 9891 (syz.1.1077) did not claim interface 0 before use [ 361.720321][ T1106] veth0_vlan: left promiscuous mode [ 361.951561][ T5230] Bluetooth: hci4: command tx timeout [ 362.156955][ T9896] usb usb8: usbfs: process 9896 (syz.0.1078) did not claim interface 0 before use [ 362.783753][ T1106] team0 (unregistering): Port device team_slave_1 removed [ 362.843479][ T1106] team0 (unregistering): Port device team_slave_0 removed [ 363.643736][ T9790] bridge0: port 1(bridge_slave_0) entered blocking state [ 363.706134][ T9790] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.718866][ T9790] bridge_slave_0: entered allmulticast mode [ 363.738018][ T9790] bridge_slave_0: entered promiscuous mode [ 363.768807][ T9790] bridge0: port 2(bridge_slave_1) entered blocking state [ 363.787674][ T9909] usb usb8: usbfs: process 9909 (syz.0.1081) did not claim interface 0 before use [ 363.811306][ T9790] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.829731][ T9790] bridge_slave_1: entered allmulticast mode [ 363.849395][ T9790] bridge_slave_1: entered promiscuous mode [ 363.939478][ T9790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 363.991053][ T9790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 364.021684][ T5230] Bluetooth: hci4: command tx timeout [ 364.127739][ T9790] team0: Port device team_slave_0 added [ 364.143563][ T25] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 364.151605][ T5279] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 364.168467][ T9790] team0: Port device team_slave_1 added [ 364.267946][ T9790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 364.278757][ T9790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.312208][ C0] vkms_vblank_simulate: vblank timer overrun [ 364.324981][ T9790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 364.353366][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 364.358684][ T5279] usb 2-1: Using ep0 maxpacket: 16 [ 364.365864][ T9790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 364.365904][ T9927] xt_HMARK: spi-set and port-set can't be combined [ 364.374093][ T9790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 364.401523][ T5279] usb 2-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 364.411168][ T8] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 364.418183][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.433108][ T25] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=45.98 [ 364.450306][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.450490][ T9790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 364.464704][ T5279] usb 2-1: Product: syz [ 364.476556][ T25] usb 5-1: Product: syz [ 364.480790][ T25] usb 5-1: Manufacturer: syz [ 364.488648][ T5279] usb 2-1: Manufacturer: syz [ 364.494144][ T5279] usb 2-1: SerialNumber: syz [ 364.499342][ T25] usb 5-1: SerialNumber: syz [ 364.524479][ T5279] usb 2-1: config 0 descriptor?? [ 364.532247][ T25] usb 5-1: config 0 descriptor?? [ 364.551362][ T5279] gspca_main: conex-2.14.0 probing 0572:0041 [ 364.631742][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 364.651313][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 364.676642][ T9790] hsr_slave_0: entered promiscuous mode [ 364.685417][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 364.705526][ T9790] hsr_slave_1: entered promiscuous mode [ 364.721923][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 364.766722][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 364.822905][ T8] usb 1-1: New USB device found, idVendor=0582, idProduct=007a, bcdDevice=c7.3d [ 364.822945][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.822970][ T8] usb 1-1: Product: syz [ 364.822988][ T8] usb 1-1: Manufacturer: syz [ 364.823006][ T8] usb 1-1: SerialNumber: syz [ 364.825871][ T8] usb 1-1: config 0 descriptor?? [ 364.967079][ T5279] usb 2-1: USB disconnect, device number 30 [ 365.123381][ T9920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 365.124285][ T9920] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 365.254407][ T8] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 365.513300][ T25] mos7840 5-1:0.0: required endpoints missing [ 365.559325][ T29] audit: type=1326 audit(1722380775.915:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9940 comm="syz.3.1085" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 365.606867][ T25] usb 5-1: USB disconnect, device number 27 [ 365.646884][ T8] snd-usb-audio 1-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 365.719032][ T8] usb 1-1: USB disconnect, device number 51 [ 365.977466][ T5819] udevd[5819]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 366.102538][ T5230] Bluetooth: hci4: command tx timeout [ 366.693433][ T9968] usb usb8: usbfs: process 9968 (syz.4.1089) did not claim interface 0 before use [ 367.040422][ T9790] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 367.060079][ T9977] usb usb8: usbfs: process 9977 (syz.4.1091) did not claim interface 0 before use [ 367.092344][ T9790] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 367.150438][ T9790] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 367.176134][ T9790] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 367.322314][ T5279] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 367.517964][ T9790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 367.541613][ T5279] usb 2-1: Using ep0 maxpacket: 32 [ 367.552472][ T5279] usb 2-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=e1.fc [ 367.567253][ T5279] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.584523][ T9790] 8021q: adding VLAN 0 to HW filter on device team0 [ 367.597003][ T5279] usb 2-1: config 0 descriptor?? [ 367.615115][ T5279] ljca 2-1:0.0: bulk endpoints not found [ 367.670871][ T5279] bridge0: port 1(bridge_slave_0) entered blocking state [ 367.678149][ T5279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 367.716453][ T5279] bridge0: port 2(bridge_slave_1) entered blocking state [ 367.723763][ T5279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 367.848309][ T1193] usb 2-1: USB disconnect, device number 31 [ 367.895842][ T9790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 367.999518][ T9790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 368.031633][ T9994] xt_HMARK: spi-set and port-set can't be combined [ 368.166313][ T9790] veth0_vlan: entered promiscuous mode [ 368.211426][ T9790] veth1_vlan: entered promiscuous mode [ 368.301116][ T9790] veth0_macvtap: entered promiscuous mode [ 368.344377][ T9790] veth1_macvtap: entered promiscuous mode [ 368.435965][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.473086][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.508753][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.531258][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.551179][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 368.572897][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.606010][ T9790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 368.655853][ T29] audit: type=1326 audit(1722380779.005:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10002 comm="syz.1.1097" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f940c977299 code=0x0 [ 368.716040][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.766330][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.797024][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.811429][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.835001][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.870953][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.921234][ T9790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.974609][ T9790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 369.025892][ T9790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 369.089328][ T9790] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.114714][ T9790] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.136154][T10023] usb usb8: usbfs: process 10023 (syz.0.1100) did not claim interface 0 before use [ 369.161883][ T9790] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.202218][ T9790] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 369.613530][ T3393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.652097][ T3393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.742250][ T5295] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 369.783070][ T3393] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.807312][ T3393] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 369.966518][ T5295] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 370.013878][ T5295] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 370.079578][ T5295] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 370.113879][ T29] audit: type=1326 audit(1722380780.475:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.2.1053" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d5cd77299 code=0x0 [ 370.121215][ T5295] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.237805][ T5295] usb 1-1: Product: syz [ 370.247931][ T5295] usb 1-1: Manufacturer: syz [ 370.265330][ T5295] usb 1-1: SerialNumber: syz [ 370.714855][T10066] program syz.3.1104 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 371.043003][ T8] usb 1-1: USB disconnect, device number 52 [ 371.214092][T10074] usb usb8: usbfs: process 10074 (syz.2.1111) did not claim interface 0 before use [ 371.391409][ T5280] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 371.464738][ T3393] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 371.626043][ T5280] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 371.688811][ T5280] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 371.720662][ T5280] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.760768][ T5280] usb 2-1: config 0 descriptor?? [ 371.780287][ T3393] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.083256][ T3393] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.226079][T10071] netlink: 'syz.1.1109': attribute type 10 has an invalid length. [ 372.278092][T10071] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 372.388125][T10071] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 372.473322][T10071] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 372.596764][ T3393] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 372.791843][ T5280] usb 2-1: USB disconnect, device number 32 [ 372.867991][ T5231] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 372.894765][ T5231] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 372.908258][ T5231] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 372.928417][ T5231] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 372.952783][ T5231] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 372.965873][ T5231] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 373.368619][T10114] nvme_fabrics: unknown parameter or missing value ']' in ctrl creation request [ 373.389704][ T3393] bridge_slave_1: left allmulticast mode [ 373.403243][ T3393] bridge_slave_1: left promiscuous mode [ 373.429333][ T3393] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.491931][ T3393] bridge_slave_0: left allmulticast mode [ 373.511300][ T3393] bridge_slave_0: left promiscuous mode [ 373.537172][ T3393] bridge0: port 1(bridge_slave_0) entered disabled state [ 374.287211][T10143] usb usb8: usbfs: process 10143 (syz.2.1123) did not claim interface 0 before use [ 374.391483][ T5295] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 374.620562][ T5295] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 374.647282][ T5295] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 374.684568][ T5295] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 374.696156][ T5295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.709884][ T5295] usb 2-1: Product: syz [ 374.714744][ T5295] usb 2-1: Manufacturer: syz [ 374.719662][ T5295] usb 2-1: SerialNumber: syz [ 375.072099][ T5230] Bluetooth: hci1: command tx timeout [ 375.264261][ T3393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 375.311046][ T3393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 375.347682][ T3393] bond0 (unregistering): Released all slaves [ 375.376886][ T5295] usb 2-1: USB disconnect, device number 33 [ 375.452817][T10134] (unnamed net_device) (uninitialized): option ad_select: invalid value (255) [ 375.774350][T10105] chnl_net:caif_netlink_parms(): no params data found [ 376.369660][T10198] nvme_fabrics: unknown parameter or missing value ']' in ctrl creation request [ 376.502590][ T5295] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 376.764131][ T5295] usb 4-1: Using ep0 maxpacket: 16 [ 376.799586][ T5295] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 376.825061][ T5295] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.861424][ T5295] usb 4-1: Product: syz [ 376.873569][ T5295] usb 4-1: Manufacturer: syz [ 376.884636][ T5295] usb 4-1: SerialNumber: syz [ 376.925720][ T5295] r8152-cfgselector 4-1: Unknown version 0x0000 [ 376.957928][ T5295] r8152-cfgselector 4-1: config 0 descriptor?? [ 377.030698][ T3393] hsr_slave_0: left promiscuous mode [ 377.048782][ T3393] hsr_slave_1: left promiscuous mode [ 377.065744][T10215] usb usb8: usbfs: process 10215 (syz.2.1136) did not claim interface 0 before use [ 377.080140][ T3393] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 377.090610][ T3393] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 377.100561][ T3393] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 377.109371][ T3393] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 377.143777][ T5230] Bluetooth: hci1: command tx timeout [ 377.206304][ T3393] veth1_macvtap: left promiscuous mode [ 377.216071][ T3393] veth0_macvtap: left promiscuous mode [ 377.236477][ T3393] veth1_vlan: left promiscuous mode [ 377.250035][ T3393] veth0_vlan: left promiscuous mode [ 377.312871][T10191] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.352349][T10191] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 377.564792][ T5231] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 377.578691][ T5231] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 377.600829][ T5231] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 377.617626][ T5231] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 377.627615][ T5231] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 377.636905][ T5231] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 377.905885][ T5295] r8152-cfgselector 4-1: Unknown version 0x0000 [ 377.924494][T10221] FAULT_INJECTION: forcing a failure. [ 377.924494][T10221] name failslab, interval 1, probability 0, space 0, times 0 [ 377.932664][ T5295] r8152-cfgselector 4-1: bad CDC descriptors [ 377.944934][T10221] CPU: 1 UID: 0 PID: 10221 Comm: syz.1.1138 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 377.944978][T10221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 377.944993][T10221] Call Trace: [ 377.945005][T10221] [ 377.945017][T10221] dump_stack_lvl+0x241/0x360 [ 377.945055][T10221] ? __pfx_dump_stack_lvl+0x10/0x10 [ 377.945086][T10221] ? __pfx__printk+0x10/0x10 [ 377.945117][T10221] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 377.945145][T10221] ? __pfx___might_resched+0x10/0x10 [ 377.945180][T10221] should_fail_ex+0x3b0/0x4e0 [ 377.945222][T10221] should_failslab+0xac/0x100 [ 377.945258][T10221] ? __alloc_skb+0x1c3/0x440 [ 377.945292][T10221] kmem_cache_alloc_node_noprof+0x71/0x320 [ 377.945323][T10221] __alloc_skb+0x1c3/0x440 [ 377.945362][T10221] ? __pfx___alloc_skb+0x10/0x10 [ 377.974736][ T5295] r8152-cfgselector 4-1: USB disconnect, device number 41 [ 377.978515][T10221] ? netlink_autobind+0xd6/0x2f0 [ 378.040854][T10221] ? netlink_autobind+0x2b0/0x2f0 [ 378.045922][T10221] netlink_sendmsg+0x638/0xcb0 [ 378.050735][T10221] ? __pfx_netlink_sendmsg+0x10/0x10 [ 378.056098][T10221] ? __import_iovec+0x536/0x820 [ 378.060998][T10221] ? aa_sock_msg_perm+0x91/0x160 [ 378.065991][T10221] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 378.071446][T10221] ? security_socket_sendmsg+0x87/0xb0 [ 378.076963][T10221] ? __pfx_netlink_sendmsg+0x10/0x10 [ 378.083396][T10221] __sock_sendmsg+0x221/0x270 [ 378.088894][T10221] ____sys_sendmsg+0x525/0x7d0 [ 378.093707][T10221] ? __pfx_____sys_sendmsg+0x10/0x10 [ 378.099048][T10221] __sys_sendmsg+0x2b0/0x3a0 [ 378.103666][T10221] ? __pfx___sys_sendmsg+0x10/0x10 [ 378.108784][T10221] ? vfs_write+0x7c4/0xc90 [ 378.113259][T10221] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 378.119594][T10221] ? do_syscall_64+0x100/0x230 [ 378.124378][T10221] ? do_syscall_64+0xb6/0x230 [ 378.130446][T10221] do_syscall_64+0xf3/0x230 [ 378.135002][T10221] ? clear_bhb_loop+0x35/0x90 [ 378.139917][T10221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.145877][T10221] RIP: 0033:0x7f940c977299 [ 378.150348][T10221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.170359][T10221] RSP: 002b:00007f940d71a048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 378.181194][T10221] RAX: ffffffffffffffda RBX: 00007f940cb05f80 RCX: 00007f940c977299 [ 378.195741][T10221] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000004 [ 378.212351][T10221] RBP: 00007f940d71a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 378.220800][T10221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 378.228831][T10221] R13: 000000000000000b R14: 00007f940cb05f80 R15: 00007f940cc2fa38 [ 378.236878][T10221] [ 378.302390][T10223] FAULT_INJECTION: forcing a failure. [ 378.302390][T10223] name failslab, interval 1, probability 0, space 0, times 0 [ 378.315313][T10223] CPU: 1 UID: 0 PID: 10223 Comm: syz.1.1139 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 378.326138][T10223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 378.336337][T10223] Call Trace: [ 378.339642][T10223] [ 378.342599][T10223] dump_stack_lvl+0x241/0x360 [ 378.347407][T10223] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.352641][T10223] ? __pfx__printk+0x10/0x10 [ 378.357240][T10223] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 378.362894][T10223] ? __pfx___might_resched+0x10/0x10 [ 378.368219][T10223] should_fail_ex+0x3b0/0x4e0 [ 378.372930][T10223] ? security_file_alloc+0x28/0x130 [ 378.378145][T10223] should_failslab+0xac/0x100 [ 378.382883][T10223] ? security_file_alloc+0x28/0x130 [ 378.388152][T10223] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 378.393544][T10223] security_file_alloc+0x28/0x130 [ 378.398642][T10223] init_file+0x99/0x200 [ 378.402817][T10223] alloc_empty_file+0xb8/0x1d0 [ 378.407595][T10223] path_openat+0x105/0x3470 [ 378.412121][T10223] ? mark_lock+0x9a/0x350 [ 378.416469][T10223] ? __pfx_stack_trace_save+0x10/0x10 [ 378.421872][T10223] ? __lock_acquire+0x137a/0x2040 [ 378.426921][T10223] ? __lock_acquire+0x137a/0x2040 [ 378.432771][T10223] ? __pfx_path_openat+0x10/0x10 [ 378.437741][T10223] do_filp_open+0x235/0x490 [ 378.442268][T10223] ? __pfx_do_filp_open+0x10/0x10 [ 378.447323][T10223] ? _raw_spin_unlock+0x28/0x50 [ 378.452190][T10223] ? alloc_fd+0x5a1/0x640 [ 378.456561][T10223] do_sys_openat2+0x13e/0x1d0 [ 378.461246][T10223] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 378.467247][T10223] ? __pfx_do_sys_openat2+0x10/0x10 [ 378.472473][T10223] ? __fget_files+0x3f6/0x470 [ 378.477191][T10223] __x64_sys_openat+0x247/0x2a0 [ 378.482060][T10223] ? __pfx___x64_sys_openat+0x10/0x10 [ 378.487445][T10223] ? do_syscall_64+0x100/0x230 [ 378.492224][T10223] ? do_syscall_64+0xb6/0x230 [ 378.496927][T10223] do_syscall_64+0xf3/0x230 [ 378.501444][T10223] ? clear_bhb_loop+0x35/0x90 [ 378.506141][T10223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.512051][T10223] RIP: 0033:0x7f940c977299 [ 378.516646][T10223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.536259][T10223] RSP: 002b:00007f940d71a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 378.544684][T10223] RAX: ffffffffffffffda RBX: 00007f940cb05f80 RCX: 00007f940c977299 [ 378.552678][T10223] RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000003 [ 378.560657][T10223] RBP: 00007f940d71a0a0 R08: 0000000000000000 R09: 0000000000000000 [ 378.568635][T10223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 378.576616][T10223] R13: 000000000000000b R14: 00007f940cb05f80 R15: 00007f940cc2fa38 [ 378.584709][T10223] [ 379.075667][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.085476][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.181040][ T3393] team0 (unregistering): Port device team_slave_1 removed [ 379.245471][ T5231] Bluetooth: hci1: command tx timeout [ 379.278664][ T3393] team0 (unregistering): Port device team_slave_0 removed [ 379.718510][ T5231] Bluetooth: hci3: command tx timeout [ 380.009169][T10105] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.024538][T10105] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.051774][T10105] bridge_slave_0: entered allmulticast mode [ 380.059435][T10105] bridge_slave_0: entered promiscuous mode [ 380.092249][T10231] netlink: 'syz.1.1141': attribute type 10 has an invalid length. [ 380.100091][T10231] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1141'. [ 380.121466][T10231] bridge0: port 3(ipvlan1) entered blocking state [ 380.129926][T10231] bridge0: port 3(ipvlan1) entered disabled state [ 380.141000][T10231] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 380.165546][T10232] netdevsim netdevsim3: Direct firmware load for ng failed with error -2 [ 380.185536][T10105] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.211286][T10232] netdevsim netdevsim3: Falling back to sysfs fallback for: ng [ 380.218603][T10105] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.236693][T10105] bridge_slave_1: entered allmulticast mode [ 380.266067][T10105] bridge_slave_1: entered promiscuous mode [ 380.479088][T10105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 380.542381][T10105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 380.630216][T10245] nvme_fabrics: unknown parameter or missing value ']' in ctrl creation request [ 380.783995][T10105] team0: Port device team_slave_0 added [ 380.836715][T10105] team0: Port device team_slave_1 added [ 381.102132][T10105] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 381.124818][T10105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.191494][T10105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 381.217142][T10105] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 381.236201][T10105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 381.287618][T10105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 381.304586][ T5231] Bluetooth: hci1: command tx timeout [ 381.667699][T10105] hsr_slave_0: entered promiscuous mode [ 381.683509][T10105] hsr_slave_1: entered promiscuous mode [ 381.701835][T10105] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 381.722740][T10105] Cannot create hsr debugfs directory [ 381.795885][ T5231] Bluetooth: hci3: command tx timeout [ 382.004936][ T3393] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.181639][T10217] chnl_net:caif_netlink_parms(): no params data found [ 382.288918][ T3393] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.481295][T10284] usb usb8: usbfs: process 10284 (syz.1.1151) did not claim interface 0 before use [ 382.559153][ T3393] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.891262][ T29] audit: type=1326 audit(1722380793.225:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10287 comm="syz.2.1153" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3d5cd77299 code=0x0 [ 383.007583][ T3393] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.415186][T10217] bridge0: port 1(bridge_slave_0) entered blocking state [ 383.445596][T10217] bridge0: port 1(bridge_slave_0) entered disabled state [ 383.481410][T10217] bridge_slave_0: entered allmulticast mode [ 383.490580][T10217] bridge_slave_0: entered promiscuous mode [ 383.528426][T10217] bridge0: port 2(bridge_slave_1) entered blocking state [ 383.543059][T10217] bridge0: port 2(bridge_slave_1) entered disabled state [ 383.550637][T10217] bridge_slave_1: entered allmulticast mode [ 383.578395][T10217] bridge_slave_1: entered promiscuous mode [ 383.712263][ T25] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 383.822484][T10217] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 383.861889][ T5231] Bluetooth: hci3: command tx timeout [ 383.872573][T10319] FAULT_INJECTION: forcing a failure. [ 383.872573][T10319] name failslab, interval 1, probability 0, space 0, times 0 [ 383.879070][T10217] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 383.911896][T10319] CPU: 1 UID: 0 PID: 10319 Comm: syz.3.1158 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 383.922737][T10319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 383.933016][T10319] Call Trace: [ 383.936594][T10319] [ 383.939573][T10319] dump_stack_lvl+0x241/0x360 [ 383.946871][T10319] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.952993][T10319] ? __pfx__printk+0x10/0x10 [ 383.964138][T10319] ? ref_tracker_alloc+0x332/0x490 [ 383.970279][T10319] should_fail_ex+0x3b0/0x4e0 [ 383.978340][T10319] ? skb_clone+0x20c/0x390 [ 383.984564][T10319] should_failslab+0xac/0x100 [ 383.989923][T10319] ? skb_clone+0x20c/0x390 [ 383.995444][T10319] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 384.001831][T10319] skb_clone+0x20c/0x390 [ 384.006118][T10319] __netlink_deliver_tap+0x3cc/0x7c0 [ 384.011558][T10319] ? netlink_deliver_tap+0x2e/0x1b0 [ 384.016823][T10319] netlink_deliver_tap+0x19d/0x1b0 [ 384.022089][T10319] netlink_sendskb+0x68/0x140 [ 384.026921][T10319] netlink_unicast+0x39d/0x990 [ 384.031726][T10319] ? __asan_memcpy+0x40/0x70 [ 384.036397][T10319] ? __pfx_netlink_unicast+0x10/0x10 [ 384.041743][T10319] netlink_rcv_skb+0x262/0x430 [ 384.046559][T10319] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 384.054098][T10319] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 384.061611][T10319] ? netlink_deliver_tap+0x2e/0x1b0 [ 384.068531][T10319] netlink_unicast+0x7f0/0x990 [ 384.073349][T10319] ? __pfx_netlink_unicast+0x10/0x10 [ 384.078661][T10319] ? __virt_addr_valid+0x183/0x530 [ 384.083812][T10319] ? __check_object_size+0x49c/0x900 [ 384.089111][T10319] ? bpf_lsm_netlink_send+0x9/0x10 [ 384.094244][T10319] netlink_sendmsg+0x8e4/0xcb0 [ 384.099058][T10319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.104477][T10319] ? __import_iovec+0x536/0x820 [ 384.109541][T10319] ? aa_sock_msg_perm+0x91/0x160 [ 384.114502][T10319] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 384.119811][T10319] ? security_socket_sendmsg+0x87/0xb0 [ 384.125398][T10319] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.130706][T10319] __sock_sendmsg+0x221/0x270 [ 384.135409][T10319] ____sys_sendmsg+0x525/0x7d0 [ 384.140197][T10319] ? __pfx_____sys_sendmsg+0x10/0x10 [ 384.145515][T10319] __sys_sendmsg+0x2b0/0x3a0 [ 384.150138][T10319] ? __pfx___sys_sendmsg+0x10/0x10 [ 384.155261][T10319] ? vfs_write+0x7c4/0xc90 [ 384.159915][T10319] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 384.166279][T10319] ? do_syscall_64+0x100/0x230 [ 384.171077][T10319] ? do_syscall_64+0xb6/0x230 [ 384.175789][T10319] do_syscall_64+0xf3/0x230 [ 384.180316][T10319] ? clear_bhb_loop+0x35/0x90 [ 384.185029][T10319] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.190952][T10319] RIP: 0033:0x7fe236b77299 [ 384.195385][T10319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.215208][T10319] RSP: 002b:00007fe237898048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 384.225831][T10319] RAX: ffffffffffffffda RBX: 00007fe236d05f80 RCX: 00007fe236b77299 [ 384.234555][T10319] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004 [ 384.248804][T10319] RBP: 00007fe2378980a0 R08: 0000000000000000 R09: 0000000000000000 [ 384.258596][T10319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.266591][T10319] R13: 000000000000000b R14: 00007fe236d05f80 R15: 00007fe236e2fa38 [ 384.274605][T10319] [ 384.347784][ T25] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 384.380338][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.413005][ T25] usb 3-1: config 0 descriptor?? [ 384.639012][ T25] usb 3-1: USB disconnect, device number 42 [ 384.724085][T10217] team0: Port device team_slave_0 added [ 384.819126][T10217] team0: Port device team_slave_1 added [ 385.036873][T10217] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.045900][T10217] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.094476][T10217] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.130875][T10217] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.168963][T10217] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.346252][T10217] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.436105][ T3393] bridge_slave_1: left allmulticast mode [ 385.453421][ T3393] bridge_slave_1: left promiscuous mode [ 385.491853][ T3393] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.694975][ T3393] bridge_slave_0: left allmulticast mode [ 385.700673][ T3393] bridge_slave_0: left promiscuous mode [ 385.748849][ T3393] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.947226][ T5231] Bluetooth: hci3: command tx timeout [ 386.233042][ T29] audit: type=1326 audit(1722380796.595:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10350 comm="syz.1.1163" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f940c977299 code=0x0 [ 386.548047][T10364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1166'. [ 386.956109][ T3393] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 386.970446][ T3393] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 386.990075][ T3393] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 387.018029][ T3393] bond0 (unregistering): Released all slaves [ 387.228058][ T3393] tipc: Disabling bearer [ 387.236127][ T3393] tipc: Left network mode [ 387.299769][T10217] hsr_slave_0: entered promiscuous mode [ 387.310126][T10217] hsr_slave_1: entered promiscuous mode [ 387.340137][T10217] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 387.349820][T10217] Cannot create hsr debugfs directory [ 387.557220][T10376] sctp: [Deprecated]: syz.2.1169 (pid 10376) Use of int in max_burst socket option deprecated. [ 387.557220][T10376] Use struct sctp_assoc_value instead [ 387.964305][T10105] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 388.072410][T10105] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 388.290640][ T3393] hsr_slave_0: left promiscuous mode [ 388.341684][ T3393] hsr_slave_1: left promiscuous mode [ 388.403478][ T3393] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 388.425685][ T3393] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 388.551239][ T3393] veth1_macvtap: left promiscuous mode [ 388.564188][ T3393] veth0_macvtap: left promiscuous mode [ 388.581996][ T3393] veth1_vlan: left promiscuous mode [ 388.587484][ T3393] veth0_vlan: left promiscuous mode [ 388.699190][ T25] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 388.941398][ T25] usb 3-1: Using ep0 maxpacket: 16 [ 388.969762][ T25] usb 3-1: config 0 has an invalid interface number: 4 but max is 0 [ 389.001438][ T25] usb 3-1: config 0 has no interface number 0 [ 389.031311][ T25] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 389.066931][ T25] usb 3-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 389.100444][ T25] usb 3-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 389.127809][ T29] audit: type=1326 audit(1722380799.475:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10410 comm="syz.3.1176" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 389.180335][ T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.221598][ T25] usb 3-1: config 0 descriptor?? [ 390.565278][ T3393] team0 (unregistering): Port device team_slave_1 removed [ 390.686488][ T3393] team0 (unregistering): Port device team_slave_0 removed [ 391.331473][ T25] usbhid 3-1:0.4: can't add hid device: -71 [ 391.351868][ T25] usbhid 3-1:0.4: probe with driver usbhid failed with error -71 [ 391.395226][ T25] usb 3-1: USB disconnect, device number 43 [ 391.563720][ T5297] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 391.709221][T10105] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 391.773732][ T5297] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 391.784391][T10105] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 391.801511][ T5297] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.811749][ T25] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 391.821896][ T5297] usb 4-1: config 0 descriptor?? [ 391.843169][ T5297] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 391.944737][T10436] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1181'. [ 391.974955][ T25] usb 3-1: device descriptor read/64, error -71 [ 391.988490][T10436] netlink: 172 bytes leftover after parsing attributes in process `syz.1.1181'. [ 392.251604][ T25] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 392.253162][ T5297] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 392.451424][ T25] usb 3-1: device descriptor read/64, error -71 [ 392.491627][ T9] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 392.510114][T10105] 8021q: adding VLAN 0 to HW filter on device bond0 [ 392.557646][T10105] 8021q: adding VLAN 0 to HW filter on device team0 [ 392.571932][ T25] usb usb3-port1: attempt power cycle [ 392.612932][ T5280] bridge0: port 1(bridge_slave_0) entered blocking state [ 392.620169][ T5280] bridge0: port 1(bridge_slave_0) entered forwarding state [ 392.649596][ T5280] bridge0: port 2(bridge_slave_1) entered blocking state [ 392.656872][ T5280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 392.683510][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 392.709707][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 392.732930][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 392.754644][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 392.815235][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 392.836234][ T9] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 392.854942][ T9] usb 2-1: Product: syz [ 392.859360][ T9] usb 2-1: Manufacturer: syz [ 392.879651][ T9] usb 2-1: SerialNumber: syz [ 392.922098][T10217] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 392.935426][T10439] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 392.958718][ T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input19 [ 392.975908][T10217] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 393.001729][ T25] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 393.039139][T10217] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 393.053090][ T25] usb 3-1: device descriptor read/8, error -71 [ 393.080893][T10432] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.097823][T10432] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.113392][T10217] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 393.147557][ T5297] gspca_cpia1: usb_control_msg 03, error -71 [ 393.148617][ T5231] Bluetooth: hci0: unexpected event for opcode 0x1003 [ 393.161127][ T5297] cpia1 4-1:0.0: unexpected systemstate: 00 [ 393.162089][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.181892][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.253310][ T5297] usb 4-1: USB disconnect, device number 42 [ 393.268287][T10105] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.279472][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.298397][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.331539][ T25] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 393.351369][ C0] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -1 [ 393.368868][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.390872][ T25] usb 3-1: device descriptor read/8, error -71 [ 393.416442][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.442268][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.451045][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.504377][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.529478][T10105] veth0_vlan: entered promiscuous mode [ 393.539611][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.558438][ T25] usb usb3-port1: unable to enumerate USB device [ 393.580136][T10105] veth1_vlan: entered promiscuous mode [ 393.627292][ T5297] usb 2-1: USB disconnect, device number 34 [ 393.686257][ T5297] appletouch 2-1:1.0: input: appletouch disconnected [ 393.739007][T10105] veth0_macvtap: entered promiscuous mode [ 393.771706][T10217] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.786175][T10105] veth1_macvtap: entered promiscuous mode [ 393.865515][T10217] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.894843][T10105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.912043][T10105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.929625][T10105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 393.955475][T10105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 393.974244][T10105] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 393.994938][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.002115][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 394.020655][T10105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.039721][T10105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.056219][T10105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.081345][T10105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.111604][T10105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.133539][T10105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.150940][T10105] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 394.177538][ T5279] bridge0: port 2(bridge_slave_1) entered blocking state [ 394.184855][ T5279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 394.193659][T10470] openvswitch: netlink: Unexpected mask (mask=440, allowed=10048) [ 394.235590][T10105] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.260554][T10105] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.284419][T10105] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.301573][T10105] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 394.655741][ T29] audit: type=1326 audit(1722380804.995:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10477 comm="syz.1.1186" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f940c977299 code=0x0 [ 394.727793][ T3393] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.746353][ T3393] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 394.927954][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 394.954744][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.048615][T10217] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 395.349752][T10217] veth0_vlan: entered promiscuous mode [ 395.417813][T10217] veth1_vlan: entered promiscuous mode [ 395.722573][T10217] veth0_macvtap: entered promiscuous mode [ 395.784423][T10217] veth1_macvtap: entered promiscuous mode [ 395.907466][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 395.971341][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 395.991244][ T25] usb 2-1: new low-speed USB device number 35 using dummy_hcd [ 396.022338][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.059353][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.100927][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 396.151373][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.161988][ T25] usb 2-1: device descriptor read/64, error -71 [ 396.209170][T10217] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 396.295957][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.344287][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.369361][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.439476][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.461325][ T25] usb 2-1: new low-speed USB device number 36 using dummy_hcd [ 396.467393][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.511521][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.531853][T10217] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 396.563661][T10217] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 396.616115][T10217] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 396.645173][T10217] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.645597][ T25] usb 2-1: device descriptor read/64, error -71 [ 396.691629][T10217] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.731894][T10217] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.742450][T10217] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 396.793297][ T25] usb usb2-port1: attempt power cycle [ 396.867754][ T29] audit: type=1326 audit(1722380807.225:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10516 comm="syz.4.1192" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb0c8b77299 code=0x0 [ 397.149329][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.185739][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.224233][ T25] usb 2-1: new low-speed USB device number 37 using dummy_hcd [ 397.284016][ T25] usb 2-1: device descriptor read/8, error -71 [ 397.297576][ T3393] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 397.341798][ T3393] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 397.572530][ T25] usb 2-1: new low-speed USB device number 38 using dummy_hcd [ 397.613998][ T25] usb 2-1: device descriptor read/8, error -71 [ 397.675252][T10549] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1196'. [ 397.703516][ T29] audit: type=1326 audit(1722380808.055:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10550 comm="syz.4.1197" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb0c8b77299 code=0x0 [ 397.772578][ T25] usb usb2-port1: unable to enumerate USB device [ 398.576341][ T5231] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 398.615943][T10569] netlink: 'syz.0.1199': attribute type 5 has an invalid length. [ 398.785464][T10572] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 398.792289][T10572] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 398.808877][T10572] vhci_hcd vhci_hcd.0: Device attached [ 398.869925][T10572] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1199'. [ 398.967917][T10572] netlink: 'syz.0.1199': attribute type 1 has an invalid length. [ 398.996637][T10572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1199'. [ 399.104849][T10572] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 399.121639][T10572] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 399.133167][T10572] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 399.146557][T10572] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 399.402283][T10574] vhci_hcd: connection closed [ 399.404472][ T12] vhci_hcd: stop threads [ 399.431675][ T12] vhci_hcd: release socket [ 399.464963][ T12] vhci_hcd: disconnect device [ 399.517347][T10598] FAULT_INJECTION: forcing a failure. [ 399.517347][T10598] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 399.601009][T10598] CPU: 1 UID: 0 PID: 10598 Comm: syz.3.1206 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 399.611851][T10598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 399.621942][T10598] Call Trace: [ 399.625264][T10598] [ 399.628255][T10598] dump_stack_lvl+0x241/0x360 [ 399.632980][T10598] ? __pfx_dump_stack_lvl+0x10/0x10 [ 399.638309][T10598] ? __pfx__printk+0x10/0x10 [ 399.642941][T10598] ? __pfx_lock_release+0x10/0x10 [ 399.648015][T10598] should_fail_ex+0x3b0/0x4e0 [ 399.652728][T10598] _copy_from_user+0x2f/0xe0 [ 399.657325][T10598] smc_setsockopt+0x452/0xe50 [ 399.662040][T10598] ? __pfx_smc_setsockopt+0x10/0x10 [ 399.667268][T10598] ? aa_sock_opt_perm+0x79/0x120 [ 399.672223][T10598] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 399.677798][T10598] ? security_socket_setsockopt+0x87/0xb0 [ 399.683531][T10598] ? __pfx_smc_setsockopt+0x10/0x10 [ 399.688749][T10598] do_sock_setsockopt+0x3af/0x720 [ 399.694078][T10598] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 399.699680][T10598] ? __fget_files+0x29/0x470 [ 399.704478][T10598] ? __fget_files+0x3f6/0x470 [ 399.709379][T10598] __sys_setsockopt+0x1ae/0x250 [ 399.714257][T10598] __x64_sys_setsockopt+0xb5/0xd0 [ 399.719312][T10598] do_syscall_64+0xf3/0x230 [ 399.723948][T10598] ? clear_bhb_loop+0x35/0x90 [ 399.728753][T10598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 399.734672][T10598] RIP: 0033:0x7fe236b77299 [ 399.739131][T10598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 399.758793][T10598] RSP: 002b:00007fe237898048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 399.767449][T10598] RAX: ffffffffffffffda RBX: 00007fe236d05f80 RCX: 00007fe236b77299 [ 399.775475][T10598] RDX: 0000000000000005 RSI: 0000000000000006 RDI: 0000000000000003 [ 399.783488][T10598] RBP: 00007fe2378980a0 R08: 0000000000000004 R09: 0000000000000000 [ 399.791508][T10598] R10: 00000000200005c0 R11: 0000000000000246 R12: 0000000000000001 [ 399.799875][T10598] R13: 000000000000000b R14: 00007fe236d05f80 R15: 00007fe236e2fa38 [ 399.807910][T10598] [ 400.346244][T10609] xt_HMARK: spi-set and port-set can't be combined [ 400.422507][ T29] audit: type=1326 audit(1722380810.775:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.3.1208" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe236b77299 code=0x0 [ 400.504662][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 400.566380][ T29] audit: type=1326 audit(1722380810.855:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10611 comm="syz.0.1211" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f504f777299 code=0x0 [ 400.832308][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.031729][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.173230][T10625] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 401.201826][T10625] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 401.224681][T10625] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 401.249082][T10625] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 401.271378][T10625] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 401.279233][T10625] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 401.584162][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 401.872159][T10641] netlink: 'syz.0.1217': attribute type 29 has an invalid length. [ 401.966746][T10645] netlink: 'syz.0.1217': attribute type 29 has an invalid length. [ 401.982401][T10645] netlink: 'syz.0.1217': attribute type 29 has an invalid length. [ 401.983101][T10625] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 402.001376][T10625] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 402.015037][T10641] netlink: 'syz.0.1217': attribute type 29 has an invalid length. [ 402.031395][T10625] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 402.054455][T10625] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 402.063942][T10625] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 402.074042][T10625] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 402.084053][T10645] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 402.505712][ T12] bridge_slave_1: left allmulticast mode [ 402.513296][ T12] bridge_slave_1: left promiscuous mode [ 402.519015][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 402.554315][ T12] bridge_slave_0: left allmulticast mode [ 402.569117][ T12] bridge_slave_0: left promiscuous mode [ 402.599863][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 403.281155][ T5295] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 403.308851][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 403.340459][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 403.377120][ T12] bond0 (unregistering): Released all slaves [ 403.383777][ T5231] Bluetooth: hci2: command tx timeout [ 403.428333][ T29] audit: type=1326 audit(1722380813.785:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10680 comm="syz.0.1224" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f504f777299 code=0x0 [ 403.491912][ T5295] usb 4-1: Using ep0 maxpacket: 16 [ 403.512574][ T5295] usb 4-1: config 0 has an invalid interface number: 4 but max is 0 [ 403.551711][ T5295] usb 4-1: config 0 has no interface number 0 [ 403.568035][ T5295] usb 4-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 403.588585][ T5295] usb 4-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 403.612439][ T5295] usb 4-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 403.680972][ T5295] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.725092][ T5295] usb 4-1: config 0 descriptor?? [ 403.769718][T10633] chnl_net:caif_netlink_parms(): no params data found [ 404.181952][ T5231] Bluetooth: hci4: command tx timeout [ 404.454408][ T12] hsr_slave_0: left promiscuous mode [ 404.501471][ T12] hsr_slave_1: left promiscuous mode [ 404.556282][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 404.575386][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 404.622889][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 404.680949][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.770900][ T12] veth1_macvtap: left promiscuous mode [ 404.801299][ T12] veth0_macvtap: left promiscuous mode [ 404.820628][ T12] veth1_vlan: left promiscuous mode [ 404.852756][ T12] veth0_vlan: left promiscuous mode [ 405.461783][ T5231] Bluetooth: hci2: command tx timeout [ 406.072834][ T5295] usbhid 4-1:0.4: can't add hid device: -71 [ 406.088300][ T5295] usbhid 4-1:0.4: probe with driver usbhid failed with error -71 [ 406.114230][ T5295] usb 4-1: USB disconnect, device number 43 [ 406.261222][ T5231] Bluetooth: hci4: command tx timeout [ 406.512578][ T12] team0 (unregistering): Port device team_slave_1 removed [ 406.611248][ T25] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 406.667550][ T12] team0 (unregistering): Port device team_slave_0 removed [ 406.884142][ T25] usb 5-1: config 0 has an invalid descriptor of length 27, skipping remainder of the config [ 406.905389][ T25] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 406.948720][ T25] usb 5-1: config 0 interface 0 has no altsetting 0 [ 406.968217][ T25] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice=56.d6 [ 406.992940][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 407.020000][ T25] usb 5-1: config 0 descriptor?? [ 407.376815][T10729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.401760][T10729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.438420][T10729] netlink: 1724 bytes leftover after parsing attributes in process `syz.4.1232'. [ 407.517202][T10738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.538739][ T29] audit: type=1326 audit(1722380817.895:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10739 comm="syz.0.1234" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f504f777299 code=0x0 [ 407.550568][T10738] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.569154][ T5231] Bluetooth: hci2: command tx timeout [ 408.030582][T10633] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.039463][T10633] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.047517][T10633] bridge_slave_0: entered allmulticast mode [ 408.056255][T10633] bridge_slave_0: entered promiscuous mode [ 408.104933][ T25] usb 5-1: string descriptor 0 read error: -71 [ 408.129871][T10633] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.133579][ T25] usb 5-1: USB disconnect, device number 28 [ 408.167858][T10633] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.177814][T10633] bridge_slave_1: entered allmulticast mode [ 408.186434][T10633] bridge_slave_1: entered promiscuous mode [ 408.278705][T10652] chnl_net:caif_netlink_parms(): no params data found [ 408.333142][T10633] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 408.342989][ T5231] Bluetooth: hci4: command tx timeout [ 408.395296][T10633] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 408.529029][T10633] team0: Port device team_slave_0 added [ 408.584877][T10633] team0: Port device team_slave_1 added [ 408.722792][T10633] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 408.739358][T10633] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.785822][T10633] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 408.804312][T10633] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 408.811520][T10633] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 408.839623][T10633] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 408.950850][T10652] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.966847][T10652] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.974934][T10652] bridge_slave_0: entered allmulticast mode [ 408.984393][T10652] bridge_slave_0: entered promiscuous mode [ 409.006635][T10652] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.014272][T10652] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.021670][T10652] bridge_slave_1: entered allmulticast mode [ 409.029698][T10652] bridge_slave_1: entered promiscuous mode [ 409.040604][T10633] hsr_slave_0: entered promiscuous mode [ 409.047734][T10633] hsr_slave_1: entered promiscuous mode [ 409.062342][ T25] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 409.221513][ T25] usb 4-1: device descriptor read/64, error -71 [ 409.300611][T10652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.352758][T10652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.486422][ T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.511245][ T25] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 409.631559][ T5231] Bluetooth: hci2: command tx timeout [ 409.682199][ T25] usb 4-1: device descriptor read/64, error -71 [ 409.716197][ T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 409.804543][T10652] team0: Port device team_slave_0 added [ 409.814106][ T25] usb usb4-port1: attempt power cycle [ 409.836157][T10652] team0: Port device team_slave_1 added [ 409.974845][ T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.076381][T10652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.094610][T10652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.151510][ T47] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 410.171819][T10652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.247227][ T25] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 410.259037][ T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.289054][T10625] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 410.293236][ T25] usb 4-1: device descriptor read/8, error -71 [ 410.306357][T10625] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 410.317823][T10625] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 410.332492][ T47] usb 1-1: Using ep0 maxpacket: 16 [ 410.344129][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 131, changing to 11 [ 410.344682][T10625] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 410.366690][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 58686, setting to 1024 [ 410.374174][T10625] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 410.387966][T10652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.392156][ T47] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 410.398524][T10625] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 410.423100][ T5231] Bluetooth: hci4: command tx timeout [ 410.429940][T10652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.469082][ T47] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.485118][T10652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 410.503527][ T47] usb 1-1: config 0 descriptor?? [ 410.520265][T10777] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 410.571315][ T25] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 410.614574][ T25] usb 4-1: device descriptor read/8, error -71 [ 410.674909][T10633] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.761700][ T25] usb usb4-port1: unable to enumerate USB device [ 410.770070][T10652] hsr_slave_0: entered promiscuous mode [ 410.792383][T10652] hsr_slave_1: entered promiscuous mode [ 410.799327][T10652] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 410.807286][T10652] Cannot create hsr debugfs directory [ 410.887721][T10633] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 410.992838][T10633] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.095835][ T47] usbhid 1-1:0.0: can't add hid device: -71 [ 411.108185][ T47] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 411.124149][ T47] usb 1-1: USB disconnect, device number 53 [ 411.142644][T10633] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 411.294367][ T12] bridge_slave_1: left allmulticast mode [ 411.300364][ T12] bridge_slave_1: left promiscuous mode [ 411.306803][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.318466][ T12] bridge_slave_0: left allmulticast mode [ 411.324937][ T12] bridge_slave_0: left promiscuous mode [ 411.330868][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.353183][ T12] bridge_slave_1: left allmulticast mode [ 411.358974][ T12] bridge_slave_1: left promiscuous mode [ 411.366200][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 411.379084][ T12] bridge_slave_0: left allmulticast mode [ 411.389217][ T12] bridge_slave_0: left promiscuous mode [ 411.395250][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 411.898857][T10803] FAULT_INJECTION: forcing a failure. [ 411.898857][T10803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 411.912859][T10803] CPU: 1 UID: 0 PID: 10803 Comm: syz.3.1246 Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 411.924495][T10803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 411.934860][T10803] Call Trace: [ 411.938465][T10803] [ 411.942664][T10803] dump_stack_lvl+0x241/0x360 [ 411.947488][T10803] ? __pfx_dump_stack_lvl+0x10/0x10 [ 411.952730][T10803] ? __pfx__printk+0x10/0x10 [ 411.957620][T10803] ? __pfx_lock_release+0x10/0x10 [ 411.962764][T10803] should_fail_ex+0x3b0/0x4e0 [ 411.967573][T10803] _copy_from_iter+0x1f6/0x1960 [ 411.972467][T10803] ? __virt_addr_valid+0x183/0x530 [ 411.977632][T10803] ? __pfx_lock_release+0x10/0x10 [ 411.982722][T10803] ? __alloc_skb+0x28f/0x440 [ 411.987402][T10803] ? __pfx__copy_from_iter+0x10/0x10 [ 411.992708][T10803] ? __virt_addr_valid+0x183/0x530 [ 411.997828][T10803] ? __virt_addr_valid+0x183/0x530 [ 412.002943][T10803] ? __virt_addr_valid+0x45f/0x530 [ 412.008066][T10803] ? __check_object_size+0x49c/0x900 [ 412.013363][T10803] netlink_sendmsg+0x73d/0xcb0 [ 412.018153][T10803] ? __pfx_netlink_sendmsg+0x10/0x10 [ 412.023475][T10803] ? __import_iovec+0x536/0x820 [ 412.028368][T10803] ? aa_sock_msg_perm+0x91/0x160 [ 412.033348][T10803] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 412.038677][T10803] ? security_socket_sendmsg+0x87/0xb0 [ 412.044157][T10803] ? __pfx_netlink_sendmsg+0x10/0x10 [ 412.049557][T10803] __sock_sendmsg+0x221/0x270 [ 412.054275][T10803] ____sys_sendmsg+0x525/0x7d0 [ 412.059088][T10803] ? __pfx_____sys_sendmsg+0x10/0x10 [ 412.064404][T10803] __sys_sendmmsg+0x3b2/0x740 [ 412.069121][T10803] ? __pfx___sys_sendmmsg+0x10/0x10 [ 412.074389][T10803] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 412.080337][T10803] ? ksys_write+0x23e/0x2c0 [ 412.084876][T10803] ? __pfx_lock_release+0x10/0x10 [ 412.089923][T10803] ? vfs_write+0x7c4/0xc90 [ 412.094464][T10803] ? __mutex_unlock_slowpath+0x21d/0x750 [ 412.100228][T10803] ? __pfx_vfs_write+0x10/0x10 [ 412.105030][T10803] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 412.111053][T10803] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 412.117415][T10803] ? do_syscall_64+0x100/0x230 [ 412.122226][T10803] __x64_sys_sendmmsg+0xa0/0xb0 [ 412.127121][T10803] do_syscall_64+0xf3/0x230 [ 412.131662][T10803] ? clear_bhb_loop+0x35/0x90 [ 412.136352][T10803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.142345][T10803] RIP: 0033:0x7fe236b77299 [ 412.146769][T10803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.166385][T10803] RSP: 002b:00007fe237898048 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 412.174819][T10803] RAX: ffffffffffffffda RBX: 00007fe236d05f80 RCX: 00007fe236b77299 [ 412.182812][T10803] RDX: 040000000000009f RSI: 00000000200002c0 RDI: 0000000000000004 [ 412.190789][T10803] RBP: 00007fe2378980a0 R08: 0000000000000000 R09: 0000000000000000 [ 412.198936][T10803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 412.206928][T10803] R13: 000000000000000b R14: 00007fe236d05f80 R15: 00007fe236e2fa38 [ 412.214912][T10803] [ 412.433857][T10625] Bluetooth: hci1: command tx timeout [ 413.172903][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.200961][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.212405][ T12] bond0 (unregistering): Released all slaves [ 413.420391][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 413.433790][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 413.448843][ T12] bond0 (unregistering): (slave batadv_slave_0): Releasing backup interface [ 413.468638][ T12] bond0 (unregistering): Released all slaves [ 413.685733][ T12] IPVS: stopping backup sync thread 7161 ... [ 413.729863][T10781] chnl_net:caif_netlink_parms(): no params data found [ 413.814616][T10633] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 413.943873][T10633] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 413.973136][ T47] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 414.078060][T10633] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 414.127763][T10633] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 414.180763][ T47] usb 4-1: config 0 has an invalid interface number: 125 but max is 0 [ 414.192991][ T47] usb 4-1: config 0 has no interface number 0 [ 414.199141][ T47] usb 4-1: New USB device found, idVendor=0403, idProduct=bcd9, bcdDevice=94.33 [ 414.218501][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 414.239696][ T47] usb 4-1: config 0 descriptor?? [ 414.266064][ T47] ftdi_sio 4-1:0.125: FTDI USB Serial Device converter detected [ 414.300772][ T47] ftdi_sio ttyUSB0: unknown device type: 0x9433 [ 414.313420][T10781] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.320750][T10781] bridge0: port 1(bridge_slave_0) entered disabled state [ 414.328849][T10781] bridge_slave_0: entered allmulticast mode [ 414.339817][T10781] bridge_slave_0: entered promiscuous mode [ 414.363060][T10781] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.378843][T10781] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.400400][T10781] bridge_slave_1: entered allmulticast mode [ 414.408432][T10781] bridge_slave_1: entered promiscuous mode [ 414.491281][ T8] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 414.501400][T10625] Bluetooth: hci1: command tx timeout [ 414.691261][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 414.703554][ T8] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 414.742557][ T8] usb 1-1: config 179 has no interface number 0 [ 414.761705][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 414.788792][T10781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 414.801421][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 414.846695][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 414.861016][T10781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 414.884421][ T8] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 414.922137][ T8] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 414.961848][ T8] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 414.989055][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.024185][T10832] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 415.189209][T10781] team0: Port device team_slave_0 added [ 415.298146][T10781] team0: Port device team_slave_1 added [ 415.458124][ T47] usb 1-1: USB disconnect, device number 54 [ 415.458299][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 415.472826][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 415.482871][ C0] ================================================================== [ 415.491177][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x299/0x370 [ 415.499550][ C0] Read of size 4 at addr ffff88806277c85c by task sed/10856 [ 415.507316][ C0] [ 415.509764][ C0] CPU: 0 UID: 0 PID: 10856 Comm: sed Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 415.520049][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 415.530130][ C0] Call Trace: [ 415.533454][ C0] [ 415.536330][ C0] dump_stack_lvl+0x241/0x360 [ 415.541080][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 415.546317][ C0] ? __pfx__printk+0x10/0x10 [ 415.550948][ C0] ? _printk+0xd5/0x120 [ 415.555160][ C0] ? __virt_addr_valid+0x183/0x530 [ 415.560325][ C0] ? __virt_addr_valid+0x183/0x530 [ 415.565478][ C0] print_report+0x169/0x550 [ 415.570025][ C0] ? __virt_addr_valid+0x183/0x530 [ 415.575186][ C0] ? __virt_addr_valid+0x183/0x530 [ 415.580669][ C0] ? __virt_addr_valid+0x45f/0x530 [ 415.585807][ C0] ? __phys_addr+0xba/0x170 [ 415.590346][ C0] ? do_raw_spin_lock+0x299/0x370 [ 415.595412][ C0] kasan_report+0x143/0x180 [ 415.599986][ C0] ? do_raw_spin_lock+0x299/0x370 [ 415.605056][ C0] do_raw_spin_lock+0x299/0x370 [ 415.609944][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 415.615346][ C0] ? __pfx_lock_release+0x10/0x10 [ 415.620790][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 415.626029][ C0] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 415.631705][ C0] _raw_spin_lock_irqsave+0xe1/0x120 [ 415.637114][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 415.643334][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 415.649447][ C0] __wake_up_common_lock+0x25/0x1e0 [ 415.654702][ C0] __usb_hcd_giveback_urb+0x4ff/0x6e0 [ 415.660214][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 415.666145][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 415.671385][ C0] dummy_timer+0x830/0x45a0 [ 415.675929][ C0] ? __pfx_lock_release+0x10/0x10 [ 415.681021][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 415.687391][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 415.692799][ C0] ? __pfx_lock_release+0x10/0x10 [ 415.697859][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 415.703099][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 415.708070][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 415.713038][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 415.718270][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 415.724306][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 415.730069][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 415.736222][ C0] hrtimer_interrupt+0x396/0x990 [ 415.741207][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 415.747239][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 415.752911][ C0] [ 415.755862][ C0] [ 415.758811][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 415.764832][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 [ 415.771210][ C0] Code: 40 d7 03 00 65 8b 15 c0 70 70 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 00 <83> fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc [ 415.791487][ C0] RSP: 0018:ffffc9000489f818 EFLAGS: 00000246 [ 415.797687][ C0] RAX: ffffffff8bae9033 RBX: 0000000000000073 RCX: ffff88801afb1e00 [ 415.805708][ C0] RDX: 0000000000000000 RSI: ffffffff8ffeb3e0 RDI: 0000000000000073 [ 415.813748][ C0] RBP: ffffc9000489f910 R08: 0000000000000001 R09: ffffffff8bae8dfd [ 415.821771][ C0] R10: 0000000000000005 R11: ffff88801afb1e00 R12: ffffffff8c18d901 [ 415.829807][ C0] R13: ffffc9000489f8a0 R14: dffffc0000000000 R15: 0000000000000073 [ 415.838814][ C0] ? format_decode+0x8bd/0x1bb0 [ 415.843909][ C0] ? format_decode+0xaf3/0x1bb0 [ 415.848925][ C0] format_decode+0xaf3/0x1bb0 [ 415.853666][ C0] ? stack_depot_save_flags+0x29/0x830 [ 415.859188][ C0] ? __pfx_format_decode+0x10/0x10 [ 415.864370][ C0] ? vsnprintf+0x948/0x1da0 [ 415.868941][ C0] vsnprintf+0x14f/0x1da0 [ 415.873350][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 415.878185][ C0] seq_printf+0x172/0x270 [ 415.882654][ C0] ? filesystems_proc_show+0x6e/0x100 [ 415.888094][ C0] ? __pfx_seq_printf+0x10/0x10 [ 415.893167][ C0] ? rcu_is_watching+0x15/0xb0 [ 415.897964][ C0] ? trace_kmalloc+0x1f/0xd0 [ 415.902578][ C0] ? __kmalloc_node_noprof+0x247/0x440 [ 415.908091][ C0] filesystems_proc_show+0x99/0x100 [ 415.913310][ C0] seq_read_iter+0x445/0xd60 [ 415.917943][ C0] proc_reg_read_iter+0x1c3/0x290 [ 415.922996][ C0] vfs_read+0x9bd/0xbc0 [ 415.927173][ C0] ? __might_fault+0xaa/0x120 [ 415.931876][ C0] ? __pfx_vfs_read+0x10/0x10 [ 415.936750][ C0] ? vfs_fstatat+0xfd/0x190 [ 415.941460][ C0] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 415.947560][ C0] ksys_read+0x1a0/0x2c0 [ 415.951836][ C0] ? __pfx_ksys_read+0x10/0x10 [ 415.956716][ C0] ? do_syscall_64+0x100/0x230 [ 415.961509][ C0] ? do_syscall_64+0xb6/0x230 [ 415.966207][ C0] do_syscall_64+0xf3/0x230 [ 415.970734][ C0] ? clear_bhb_loop+0x35/0x90 [ 415.975482][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.981400][ C0] RIP: 0033:0x7f777b796b6a [ 415.985832][ C0] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 416.005470][ C0] RSP: 002b:00007ffcd54b6128 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 416.013896][ C0] RAX: ffffffffffffffda RBX: 0000558dd3abb2a0 RCX: 00007f777b796b6a [ 416.021879][ C0] RDX: 0000000000000400 RSI: 0000558dd3abb500 RDI: 0000000000000003 [ 416.029867][ C0] RBP: 00007ffcd54b61c8 R08: 0000000000000003 R09: 00007f777b871b70 [ 416.037854][ C0] R10: 000000000000004f R11: 0000000000000246 R12: 00007ffcd54b61d0 [ 416.045856][ C0] R13: 00007ffcd54b61d0 R14: 000000000000000a R15: 0000000000000000 [ 416.053852][ C0] [ 416.056879][ C0] [ 416.059280][ C0] Allocated by task 8: [ 416.063374][ C0] kasan_save_track+0x3f/0x80 [ 416.068250][ C0] __kasan_kmalloc+0x98/0xb0 [ 416.072956][ C0] __kmalloc_cache_noprof+0x19c/0x2c0 [ 416.078352][ C0] xpad_probe+0x3c8/0x1b90 [ 416.082883][ C0] usb_probe_interface+0x645/0xbb0 [ 416.088032][ C0] really_probe+0x2b8/0xad0 [ 416.092565][ C0] __driver_probe_device+0x1a2/0x390 [ 416.098196][ C0] driver_probe_device+0x50/0x430 [ 416.103344][ C0] __device_attach_driver+0x2d6/0x530 [ 416.108736][ C0] bus_for_each_drv+0x24e/0x2e0 [ 416.113626][ C0] __device_attach+0x333/0x520 [ 416.118417][ C0] bus_probe_device+0x189/0x260 [ 416.123291][ C0] device_add+0x856/0xbf0 [ 416.127644][ C0] usb_set_configuration+0x1976/0x1fb0 [ 416.133143][ C0] usb_generic_driver_probe+0x88/0x140 [ 416.138879][ C0] usb_probe_device+0x1b8/0x380 [ 416.144020][ C0] really_probe+0x2b8/0xad0 [ 416.148537][ C0] __driver_probe_device+0x1a2/0x390 [ 416.153863][ C0] driver_probe_device+0x50/0x430 [ 416.158908][ C0] __device_attach_driver+0x2d6/0x530 [ 416.164298][ C0] bus_for_each_drv+0x24e/0x2e0 [ 416.169166][ C0] __device_attach+0x333/0x520 [ 416.173959][ C0] bus_probe_device+0x189/0x260 [ 416.178825][ C0] device_add+0x856/0xbf0 [ 416.183178][ C0] usb_new_device+0x104a/0x19a0 [ 416.188045][ C0] hub_event+0x2d6a/0x5150 [ 416.192483][ C0] process_scheduled_works+0xa2c/0x1830 [ 416.198051][ C0] worker_thread+0x86d/0xd40 [ 416.202923][ C0] kthread+0x2f0/0x390 [ 416.207005][ C0] ret_from_fork+0x4b/0x80 [ 416.211447][ C0] ret_from_fork_asm+0x1a/0x30 [ 416.216248][ C0] [ 416.218581][ C0] Freed by task 47: [ 416.222395][ C0] kasan_save_track+0x3f/0x80 [ 416.227092][ C0] kasan_save_free_info+0x40/0x50 [ 416.232127][ C0] poison_slab_object+0xe0/0x150 [ 416.237105][ C0] __kasan_slab_free+0x37/0x60 [ 416.241891][ C0] kfree+0x149/0x360 [ 416.245797][ C0] xpad_disconnect+0x359/0x490 [ 416.250576][ C0] usb_unbind_interface+0x25e/0x940 [ 416.255809][ C0] device_release_driver_internal+0x503/0x7c0 [ 416.261911][ C0] bus_remove_device+0x34f/0x420 [ 416.266868][ C0] device_del+0x57a/0x9b0 [ 416.271236][ C0] usb_disable_device+0x3bf/0x850 [ 416.276277][ C0] usb_disconnect+0x340/0x950 [ 416.280979][ C0] hub_event+0x1eb9/0x5150 [ 416.285422][ C0] process_scheduled_works+0xa2c/0x1830 [ 416.290986][ C0] worker_thread+0x86d/0xd40 [ 416.295939][ C0] kthread+0x2f0/0x390 [ 416.300020][ C0] ret_from_fork+0x4b/0x80 [ 416.304457][ C0] ret_from_fork_asm+0x1a/0x30 [ 416.309247][ C0] [ 416.311582][ C0] The buggy address belongs to the object at ffff88806277c800 [ 416.311582][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 416.325640][ C0] The buggy address is located 92 bytes inside of [ 416.325640][ C0] freed 1024-byte region [ffff88806277c800, ffff88806277cc00) [ 416.339436][ C0] [ 416.341768][ C0] The buggy address belongs to the physical page: [ 416.348203][ C0] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62778 [ 416.357002][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 416.365623][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 416.373199][ C0] page_type: 0xfdffffff(slab) [ 416.377892][ C0] raw: 00fff00000000040 ffff888015841dc0 dead000000000100 dead000000000122 [ 416.386490][ C0] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 416.395090][ C0] head: 00fff00000000040 ffff888015841dc0 dead000000000100 dead000000000122 [ 416.403768][ C0] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000 [ 416.412448][ C0] head: 00fff00000000003 ffffea000189de01 ffffffffffffffff 0000000000000000 [ 416.421135][ C0] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 416.429824][ C0] page dumped because: kasan: bad access detected [ 416.436255][ C0] page_owner tracks the page as allocated [ 416.441978][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5246, tgid 5246 (syz-executor), ts 86949552379, free_ts 27213619290 [ 416.463933][ C0] post_alloc_hook+0x1f3/0x230 [ 416.468730][ C0] get_page_from_freelist+0x2e4c/0x2f10 [ 416.474397][ C0] __alloc_pages_noprof+0x256/0x6c0 [ 416.479631][ C0] alloc_slab_page+0x5f/0x120 [ 416.484419][ C0] allocate_slab+0x5a/0x2f0 [ 416.489032][ C0] ___slab_alloc+0xcd1/0x14b0 [ 416.493726][ C0] __slab_alloc+0x58/0xa0 [ 416.498073][ C0] __kmalloc_node_noprof+0x286/0x440 [ 416.503370][ C0] qdisc_alloc+0x97/0xa80 [ 416.507803][ C0] qdisc_create_dflt+0x62/0x4b0 [ 416.512673][ C0] dev_activate+0x3c0/0x1240 [ 416.517361][ C0] __dev_open+0x352/0x450 [ 416.521792][ C0] __dev_change_flags+0x1e2/0x6f0 [ 416.526834][ C0] dev_change_flags+0x8b/0x1a0 [ 416.531614][ C0] do_setlink+0xccd/0x41f0 [ 416.536044][ C0] rtnl_newlink+0x180d/0x20a0 [ 416.540725][ C0] page last free pid 1 tgid 1 stack trace: [ 416.546536][ C0] free_unref_page+0xd22/0xea0 [ 416.551321][ C0] free_contig_range+0x9e/0x160 [ 416.556285][ C0] destroy_args+0x8a/0x890 [ 416.560726][ C0] debug_vm_pgtable+0x4be/0x550 [ 416.565695][ C0] do_one_initcall+0x248/0x880 [ 416.570480][ C0] do_initcall_level+0x157/0x210 [ 416.575436][ C0] do_initcalls+0x3f/0x80 [ 416.579946][ C0] kernel_init_freeable+0x435/0x5d0 [ 416.585161][ C0] kernel_init+0x1d/0x2b0 [ 416.589553][ C0] ret_from_fork+0x4b/0x80 [ 416.593987][ C0] ret_from_fork_asm+0x1a/0x30 [ 416.598769][ C0] [ 416.601105][ C0] Memory state around the buggy address: [ 416.606749][ C0] ffff88806277c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 416.614820][ C0] ffff88806277c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 416.623151][ C0] >ffff88806277c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 416.631331][ C0] ^ [ 416.638275][ C0] ffff88806277c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 416.646600][ C0] ffff88806277c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 416.654845][ C0] ================================================================== [ 416.663107][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 416.670314][ C0] CPU: 0 UID: 0 PID: 10856 Comm: sed Not tainted 6.11.0-rc1-syzkaller-00044-g22f546873149 #0 [ 416.680483][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 416.690902][ C0] Call Trace: [ 416.694197][ C0] [ 416.697048][ C0] dump_stack_lvl+0x241/0x360 [ 416.701745][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 416.706958][ C0] ? __pfx__printk+0x10/0x10 [ 416.711736][ C0] ? rcu_is_watching+0x15/0xb0 [ 416.716528][ C0] ? lock_release+0xbf/0xa30 [ 416.721751][ C0] ? vscnprintf+0x5d/0x90 [ 416.726108][ C0] panic+0x349/0x860 [ 416.730026][ C0] ? check_panic_on_warn+0x21/0xb0 [ 416.735243][ C0] ? __pfx_panic+0x10/0x10 [ 416.739762][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 416.744991][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 416.751866][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 416.758229][ C0] ? print_report+0x502/0x550 [ 416.763418][ C0] check_panic_on_warn+0x86/0xb0 [ 416.768387][ C0] ? do_raw_spin_lock+0x299/0x370 [ 416.773537][ C0] end_report+0x77/0x160 [ 416.777811][ C0] kasan_report+0x154/0x180 [ 416.782343][ C0] ? do_raw_spin_lock+0x299/0x370 [ 416.787394][ C0] do_raw_spin_lock+0x299/0x370 [ 416.792324][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 416.797887][ C0] ? __pfx_lock_release+0x10/0x10 [ 416.803070][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 416.809402][ C0] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 416.815011][ C0] _raw_spin_lock_irqsave+0xe1/0x120 [ 416.820611][ C0] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 416.826940][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 416.833414][ C0] __wake_up_common_lock+0x25/0x1e0 [ 416.838654][ C0] __usb_hcd_giveback_urb+0x4ff/0x6e0 [ 416.844053][ C0] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 416.849990][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 416.855226][ C0] dummy_timer+0x830/0x45a0 [ 416.859747][ C0] ? __pfx_lock_release+0x10/0x10 [ 416.864805][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 416.871164][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 416.876570][ C0] ? __pfx_lock_release+0x10/0x10 [ 416.881623][ C0] ? do_raw_spin_unlock+0x13c/0x8b0 [ 416.886848][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 416.891806][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 416.896756][ C0] __hrtimer_run_queues+0x59b/0xd50 [ 416.901968][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 416.907981][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 416.913717][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 416.919809][ C0] hrtimer_interrupt+0x396/0x990 [ 416.924778][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 416.930783][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 416.936440][ C0] [ 416.939467][ C0] [ 416.942409][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 416.948410][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x37/0x70 [ 416.954758][ C0] Code: 40 d7 03 00 65 8b 15 c0 70 70 7e f7 c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 00 <83> fa 02 75 21 48 8b 91 00 16 00 00 48 8b 32 48 8d 7e 01 8b 89 fc [ 416.974637][ C0] RSP: 0018:ffffc9000489f818 EFLAGS: 00000246 [ 416.980716][ C0] RAX: ffffffff8bae9033 RBX: 0000000000000073 RCX: ffff88801afb1e00 [ 416.988695][ C0] RDX: 0000000000000000 RSI: ffffffff8ffeb3e0 RDI: 0000000000000073 [ 416.996677][ C0] RBP: ffffc9000489f910 R08: 0000000000000001 R09: ffffffff8bae8dfd [ 417.004663][ C0] R10: 0000000000000005 R11: ffff88801afb1e00 R12: ffffffff8c18d901 [ 417.012645][ C0] R13: ffffc9000489f8a0 R14: dffffc0000000000 R15: 0000000000000073 [ 417.020628][ C0] ? format_decode+0x8bd/0x1bb0 [ 417.025500][ C0] ? format_decode+0xaf3/0x1bb0 [ 417.030375][ C0] format_decode+0xaf3/0x1bb0 [ 417.035070][ C0] ? stack_depot_save_flags+0x29/0x830 [ 417.040551][ C0] ? __pfx_format_decode+0x10/0x10 [ 417.045714][ C0] ? vsnprintf+0x948/0x1da0 [ 417.050245][ C0] vsnprintf+0x14f/0x1da0 [ 417.054599][ C0] ? __pfx_vsnprintf+0x10/0x10 [ 417.059388][ C0] seq_printf+0x172/0x270 [ 417.063733][ C0] ? filesystems_proc_show+0x6e/0x100 [ 417.069117][ C0] ? __pfx_seq_printf+0x10/0x10 [ 417.073983][ C0] ? rcu_is_watching+0x15/0xb0 [ 417.078761][ C0] ? trace_kmalloc+0x1f/0xd0 [ 417.083356][ C0] ? __kmalloc_node_noprof+0x247/0x440 [ 417.088818][ C0] filesystems_proc_show+0x99/0x100 [ 417.094023][ C0] seq_read_iter+0x445/0xd60 [ 417.098627][ C0] proc_reg_read_iter+0x1c3/0x290 [ 417.103672][ C0] vfs_read+0x9bd/0xbc0 [ 417.107847][ C0] ? __might_fault+0xaa/0x120 [ 417.112550][ C0] ? __pfx_vfs_read+0x10/0x10 [ 417.117243][ C0] ? vfs_fstatat+0xfd/0x190 [ 417.121760][ C0] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 417.127846][ C0] ksys_read+0x1a0/0x2c0 [ 417.132114][ C0] ? __pfx_ksys_read+0x10/0x10 [ 417.136905][ C0] ? do_syscall_64+0x100/0x230 [ 417.141686][ C0] ? do_syscall_64+0xb6/0x230 [ 417.146380][ C0] do_syscall_64+0xf3/0x230 [ 417.150901][ C0] ? clear_bhb_loop+0x35/0x90 [ 417.155592][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.161499][ C0] RIP: 0033:0x7f777b796b6a [ 417.165927][ C0] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 417.185544][ C0] RSP: 002b:00007ffcd54b6128 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 417.194067][ C0] RAX: ffffffffffffffda RBX: 0000558dd3abb2a0 RCX: 00007f777b796b6a [ 417.202048][ C0] RDX: 0000000000000400 RSI: 0000558dd3abb500 RDI: 0000000000000003 [ 417.210099][ C0] RBP: 00007ffcd54b61c8 R08: 0000000000000003 R09: 00007f777b871b70 [ 417.218165][ C0] R10: 000000000000004f R11: 0000000000000246 R12: 00007ffcd54b61d0 [ 417.226143][ C0] R13: 00007ffcd54b61d0 R14: 000000000000000a R15: 0000000000000000 [ 417.234199][ C0] [ 417.237679][ C0] Kernel Offset: disabled [ 417.242023][ C0] Rebooting in 86400 seconds..