last executing test programs: 8.179194766s ago: executing program 0 (id=2353): syz_open_dev$vim2m(&(0x7f0000000780), 0x83, 0x2) r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x20) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000025c0)=@delchain={0x24, 0x65, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xf}, {0x0, 0x8}, {0xffe0}}}, 0x24}, 0x1, 0x0, 0x0, 0x4040000}, 0x4801) r1 = socket(0x10, 0x803, 0x0) sendto(r1, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) bind$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$unix(0x1, 0x2, 0x0) connect$unix(r3, 0x0, 0x0) sendmmsg(r3, &(0x7f0000004c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect$unix(r2, &(0x7f0000000000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) connect$unix(r2, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) syz_emit_ethernet(0x4e, &(0x7f0000000200)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0x2f, [@loopback]}, @timestamp={0x7, 0xc, 0x5, 0x0, 0x0, [0x0, 0x0]}, @timestamp={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="bf16000000000000b707000001009fa35070000000000000280000000000c00095000000000000002ba728041598d6fbd30cb599e83d24a3aa81d36bb3010100bd2321afb56fa54f26fb0b71d0e6adff07f1d8f7faf75e0f226bd99eea7960707142fa2dc79b9723741c4a0e168c1886d0d4d94f2f4e345c652fbc16ee988ee99fbfbf9b0a4def23d410f6296b32a834388107200759cda9036b4e369a9e152ddcc7b1b85f3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c3b35967dec6e802f5ab3eea57b09a2ed4048d3b867ddd58211d6ececb0cd2b6d357b85a0218ce740068725837079e468ee2cf49822775985bf31b715f5888b24efa000000000000ffffffdf0000000000000000000000000000020000000000000000000000000000b27cf3d1848a54d7132be1ffb0adf9deab29ea3323aa9fdfb52faf449c3bfd09000000b9349e31aa3701c38c527d3237c18e521ab219efdebb7b3de8f67581cf796a1d4223b90b80fcad3f6c962b9f292324b7ab7f7da31cf41ab12012fb1e0a494034127de745409e35a30b23bcee46762c2093bcc9eae5ee3e980026c96f80ee1a74e04bde740750fa4d9aaa705989b8e673e3296e52d307db98ca112874ec309baed0499104dcfe7c00004bd5fc9e66d058b75fa4c81e5c9f42d9383e41d277b10392a96286744f049c3f128f8f92ef992239eafce5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353009e34d3e82279637598f37ad380a447483cac394c7bbdcd0e3b1c39b2e00916de48a4e70f03cc415ba77af02c1d4cef5379da860aed8477dfa8ceefb405005c6977c78cdbf37704ec73755539280b064bda144910fe050038ec9e47de89298b7bf4d769ccc18eede00e8ca5457870eb30d211e23ccc8e06cd58b638c234bbb55ff413c86ba9affb12ec757c7234c270246c87a901160e6c07bf6cf8809c3a0d46ff7f000000000000ad1e1f493354b2822b9837421134c0167d78e6c24ed0a2768e825972ea3b774a1467c89fa0f82e8440105051e5510a33dcda5e143fbfff161c12ca389cbe4cc302b52e2101de18a1f1f7c551b3fa00055cc1c46c5fd9c26a54d43fa050645bd6109b113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a84a4e378a9b15bc20f49e298727340e97c870800000047546103f123f661c84726e7c7c55eff231a1b033d8f841ba3442b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf46306f2ef7be184f5e93ba5c8c2a4c04450b652b8d4c2ff030000000000000007c6bbd6cb2b240ce7d47ae636a5dbe9864a117d27326850a7c3b57086a4482c218b10af13d7be94987005088a83880ccab9c99220002af8c5e13d52c87c3a3ee6c08384865b66d2b4dcb5dd9cba16b64ebbbf8702ae12c77e6e34991a225c120a3c950942fe0bc9f2a1a7506d35e5b439edeb7088aeda890cf8a4a6f31ba6d9b8cb098f935bdcbb29fd0f1a342c9eed00000000ab6648a9dea0b6c91996d65da6c24a700a86c814459f3cdaaf99000000000000000000bf2130d1b32c826563c718d0ad23bc83ba3f3757210a057e177615c0683f000000000000006d4e0413ab52f5aaab812201d1aba3d70471fcd9b466569f3ef72f39d87fcccab514fcff030000629c9b73ce7bc4be7f8be71cb7b2d0a4acff8f6abe7dbad64dfa63966945d93c33b038ce0d890f85f8a6ab8487c383e24d4a8051f80e1811e387723a25dda119f64b35e71c5400000000000000000000000000000034c751ebdf3f207ea3df3d6c0002a41783078e56c70afe8016b3dd9dc7785b36e609f173cc747837d600283b3452c57a5d44cacd363589845637071320921d32c1663964eddec97cc33158bc306d8c3bdae8108a23d2dc96a5cdb518f58832ec0906aaec43659c79c8ad37b0f961f3beaa3e02f7762c5dd633d13b5e487e996597b200100000b7dd8390e13b395aacce4683e55bcfe8c17615257364365fd48bd77da79e52ce9adfe6dcb0c42c4d719347f3d16304fa000008ffffffffffffff003049ca923d059c0ab5d886a491adacb7e4b43b1b57586e5fe2aa611f6232a9b71882ce24fce75cf105fa57f000756755b7230e2c0c1fed5487271c4f2981cf8f4351ef5d08641dacaed000080000000000000000000000fa36bbac00bb77c933d3961556585295ce05643b0000000000000000000000967aef9c5706e13d5889e77dab80a2548ec31629b7355a2bb8b93e4b6323061f545b26accc4621b568ab0bfaf30aa4f60705532c4a09c0a4a5487c762167edf362be35b9c90ad7e372a66bbb1471aa21000000000000104061c66a7432f25687618e31dcef8c5d4a2457a93f3fc6d3d7131746c75ccf400fc1a7a51826832ef7f5fbc78827d937768443a1c1ca3aba93a34efd21aa1201d9225256df8de405d1f12c17cdaff3ad675aa333aa7e919459babd3cc1000000000000000000000000000000000000000000000000000000040000000059fdc6a54a2a8b28fa7d9b92aeb58e78e3b8594a5ef6bb67e52bf43b6145f544273a8f62852706c0abef368bfc72f92fa99a7bf121019cff8001fd7d2f6c2c295a5cab383235fec4c1decbed258ee9df8963c0fc828ad2119ffefe36c78692fffb6942b9da0922b2aa8f6b66c14ee7f42d5951ede3549f851ca340d9e425e355c1decb785a1042a72c1c98a084b04b1d9be473e50a15d76b110eda3b7cc1f2501211773cf510a43888422c1328476dd6f42659c61a18618fd28d5cd342c276aa9c4cc035077fa09d672b8dcfb3ac1751628647047d07338a8619037e3449a173ddd697f541a0795a2de7ef1396d70675341ebf004be122de04b5275fe7e53d28ebdc5051cec00759d73ca97229d93b965926060b6f91d01324bd458b425ea51c5d5b69551d599188fc6040370ac9ca7ae9eea9e5ede79bd66bd3d616dd7d7dd4c3a8fd055a3585af6fe7f5046c61154598cd33c33a48ece1072afd04b1fd85eb1655d9f3f813392c9634200d892dc6810b436820a1e0f6b464855e28953eb63cd3d6fc1b7bfb588ce28a51af1658d45d759a8399da55a3ff6597bb9f47167fe55ca240623a001e5fe15d9ddefea06a3750501916163844106c4ce662f418d9fc509e5447f712048d53e7e36ee7de083c5ea1119969d858eb6785395fc5a2c551de9a086cb4583f55c47828645e30464609"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x6, 0x4, 0x5b, 0x8a, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r7, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000300)={r7, r8, 0x17, 0x0, @void}, 0x10) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000180)={r5, r6}, 0xc) bpf$PROG_BIND_MAP(0x23, &(0x7f0000000100)={r5, r4}, 0xc) recvmmsg(r1, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xf0}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400}) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) connect$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0x0, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f00000002c0)=0x46, 0x4) getpeername$l2tp6(r0, 0x0, &(0x7f00000000c0)) socket$inet_tcp(0x2, 0x1, 0x0) 7.411923172s ago: executing program 4 (id=2306): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) r3 = socket(0x2, 0x3, 0xff) bind$inet(r3, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x29, &(0x7f0000000000)=0x97b, 0x4) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$unix(r3, &(0x7f0000002fc0)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)="643c87cf2bd21d995e613d73613b1e78334efea0", 0x14}], 0x1}}], 0x1, 0xb00) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0) r4 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r4, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r4, &(0x7f0000000080)={0x2, 0x203, @empty}, 0x10) setsockopt$inet_int(r4, 0x0, 0x13, &(0x7f0000000040)=0x80000001, 0x4) setsockopt$inet_opts(r4, 0x0, 0x1, &(0x7f00000004c0)="18", 0x1) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x22701, 0x0) write$binfmt_aout(r5, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r5, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000ffff00"}) r6 = syz_open_pts(r5, 0x0) r7 = dup3(r6, r5, 0x0) read$FUSE(r7, &(0x7f00000041c0)={0x2020}, 0x2020) read$FUSE(r7, &(0x7f0000006200)={0x2020}, 0x2020) setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x1) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000080)={0x28, r9, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x3ff, 0x5}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x4040040) 7.130394682s ago: executing program 0 (id=2355): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x400000a0, 0x0, 0x2}]}) 6.380175178s ago: executing program 4 (id=2356): openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_clone3(&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_open_dev$radio(&(0x7f00000001c0), 0x2, 0x2) read$FUSE(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) fsmount(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x34, 0x0, 0x20, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x400}]}, 0x34}}, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000580)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x9, 0x40, 0xcf, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x400}, {0xd, 0x24, 0xf, 0x1, 0x9682, 0x1000, 0x8001, 0x3}, {0x6, 0x24, 0x1a, 0x4, 0x20}}, {{0x9, 0x5, 0x81, 0x3, 0x10, 0x43, 0x7f, 0x8}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x0, 0x7, 0x1, 0x4}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0xb, 0x6, 0x1}}}}}}}]}}, 0x0) ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000000000001"]) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000000000f103"]) 6.03913602s ago: executing program 0 (id=2357): ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff}) socket$inet6(0xa, 0x3, 0x3c) (async) writev(0xffffffffffffffff, 0x0, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) (rerun: 64) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async, rerun: 64) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x22) (async, rerun: 64) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) read$FUSE(r2, &(0x7f00000077c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000004200)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)={0x14, r6, 0x46b5b071fb3773b1, 0x70bd2c, 0x0, {0x26}}, 0x14}}, 0x4044820) (async) syz_fuse_handle_req(r2, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ptrace$cont(0x9, r4, 0x6, 0x8) (async) syz_fuse_handle_req(r2, &(0x7f0000009800)="c81a44e63986e08d99ccf23dc0ffa0818fa1b29e99c766114f54433926cc9086d6348367b02c96642668b5f3bbb112262d5712ed8054d5bdfce73f367d017a9fe5d0611a2095a2d64ea5f872e6a2e82823552a5d00e6082e192c9a65203f7b2ead5b76d5941092f89ebfb3af4f7eda2aed59b7954bde4c5aac060c0ac12c09eca75388b6a8179c4977dc61547dad45fbd56bf748286464af77701c3a9029c4b20184af67cf8928b6ce60192173baaf4c2dddf1184b3f22666a9f1ce962649f152fc1d81f46bc01e552e264bea7d558de6fc211353cc3033d74b1f277f40ff3d32b43df5be1660621248ea797ff8e32400c8114a0dbfdfd023924a1d6e35e335c903972c8b0d8e291f1f70996febc0bcd3fe9adc77eaec7e2922b0c1da784a98d3bb5be2afa19700eef6a89214c61e5f79f87edf6584c67031d65da8f1e2615e41b09bcb25c19288e1852d8198910c923e0b2e4d2bd09684028f157e6d512724f8d0da0c5253cd215c4802a7d24c019d4cbd4875904be09477406ce9ea11d1d8e4fb15c38e17e99f546a9b804c7f143a99c1f650a97c5dddaf43bc02839da9bc8201c086a8f83014aa838918f5788f3d52c3116c2b9ca72e8dafa94f9dd75110989e31d5dfd985a00cc3bc79e603e29113ccb7e7492bfd97ad7afdecd6f15c3b5d43ace4840105618679619db4906cf2ea7337bd27ac2de362633363bd8fa8dec3402e8e7663806d24f72b72a75e30e4633fcc78049fe47237a47b8d6393d2766c879189e6f379529c7e6cb38d24d5bcf99602e8205c83e17d8e859399df4aaed02f0ed1d0ba10a9bac073b27ec2b8cb0691080a1041732d3018d378c480878923e25991e599e97020c1b2e17e5759401f040ab398d8b4d216a07b9514ab547f0084e3b37869a2330af29fa894fb4434be6629edc8db63b95dd86e036064290297afe39869f399c2c7fedada7ca2202be1d4b7a095198b11a77429eb2ced2b7a131a207abd34bc311a88eaae478b79fff624178693c4af30706d94689ca692bd064c582278b2e08515738035c7bb5119821cb82f6aca4c0ce8884d1aa040db9d1b2579a4a5ca379ad973f54a9f68746bbc9261a3426889e70716b5c1a8f14f83d080b1c0e3c4be39906de065fab911c9628d9af546172740adaba5dc048c520871279bb0fe80cea62a57f7f59c8d034b66f1791c91b09a444bf4dde1e8520871ceadcd8307ae7a924ca0a24364853d5b87cecec18cd2081292e1939d69c8f03cfb7ae6aa553fe9a3d8bf32906b22fade678f6459383ee9d40968ab818b065985f55a314fbf5b54554e7b5a06947cf6671dc5ed1f78f087ac41dd7d382b93d7190cbbe119f4523ad769aa1c0c373e8a68375b8fc0b6add933718772c4c019646efb0be7959e7d53f3ab1bfde0d7a0e12c7efcacf19ed6809fd8c17613d36167d32b52a36127aaeef68071a142833f8e3e503c9195415ce8c53a82b39311e0790d09ee78417cc81886bac390abc59b8263509877faece16c6bb48e5ac75756f47f0d1f722ef64b88bdca0f495a6c718f3c8bb8e4c36d2c7421096dbbb575355bc69b957fef70122dbf4b7767753029367ba18b25c222ec10b236b83e15d736fba9d31948a5c4f624a490ffa520b23f75e9d2fe631706e92157226e52cc6fa5c1dafd7651450358e894948d1b2a5443c160270d5441913288946e21f42e872bf62a597767c2a96270b86e04ceeb9f84e3e61d077f79e2b9345187e54f20a78bbd8afd1b0f082a58e0d436012017c0045e12c514e9b0610236a1cc091f6e4500b388dc629516e53899489ea3abe2b5f39d59b7d303387aa2cc866aba5cde3faea9914870a74ec9fd9e034e2520fb1e9be06f3111750c161c0898f44f2c3d42584888bfa8bae0bddd6671df44c41272b870868bc53eece9424861460729e99b480eaa61f55d9a8da4c74d94fea85b1df9a10858fd38c25809f924d5f13910668fad16fc635c1996d125b110171e38cef8f06e277e0e8eccec36d25036dbb9ad0447f7116ebf6197c58f4bbf1a53ff5972f138cc7682e3059d9d3489726f038c5cc5900de4805be00bc4c545106558a3b4877de92848e4a4b1750399f19228a48fb1df6103b1d4b9cc5d1d10ba75ba53925a150a61744747043cea4ce192bb1e199a536d0654a91bc567852d260fb3db4b77d14eb9721e176cd4eb260bebc7868d0c9a1598ecf78aa58a363086c6841cba16e0ecd8316dfca3310f8ab0e9e11472fadb6b18a713796a1fa3a4f23003de3384c7756c9a59c74e7d4f4355589783ea9b9bd92f265697c838d8e2f749bd2929765ed7038a9ee7766a01c05881ca4b96f6baf6c14eb59a7090a3f876acfeabe8f30daf746e38faf33cea4f7ade758fc3680d7da99d04da4599f0d19981382b2c40c3aff6222c8e1bf688a96adfd934b5398cce4c6602f5235cd8abf0f7af2cb2c8771b23a6a34800be0b7d73264c9faf6e6a9721ce0ddac96616034f2244682a6984ddc41ab8bddb137f7b7386e550256d579b6ba677903fa8d177680be70eef89b150c147f5db9459c5a7214486dfd165c148a68c2b70881542efe4f78b5c6a7329918512cfb0bf07021b8fb76e1fca4503fbfbe06bc6dd776710bac8b9e57295cfe054c91815b01bdbacb450751491bc512a0a738f9260970bf2ef481e9b1134537eec67a109545ea3933fc5895bd2bacedf8e52549c8579b826f15390562c0637cc6bdd54d1930994f324a3ff46e471b2b66a651c1651750c2f038d513e0049f3c2bc86864712b6dff80b832c7039c6b2b90d80bfc155599b8751c5fdc2e5cd928a070ece0cfe5832d9d5115e2ed9d9c4da773d4d846db1de129babf535900d85e8a5b08aea019bb64cdef8cf58a0218af39d25b27e4d26c299cf62d058515e39de2e4ebc153d643253d66b8843c47f8795e11d37f190599ee61c89f84b674f5ee9819b20ecf58bbf44821dac0b1e49d42d4369dc9c1ddc17bc813a0b0069ef5f657033277003c7c448a375e6d38fc602c644fdd4dd7d354901bc683bb08c630b1aac188afc674bbd17deb6ce9b97ab59fc5be3e246838a9f2a59b3d23362b3a79710ec4ef7cd85047910e2681350f77140737f56bee146be8723388222dbabe71f40c42c6a8390c85187ab013bd99c2322f9131e5e8ffb99c741b8ac55f698adb643ac78262b5719e4092c0184c990b463c8cc993e9d9250a976c3bd4711e7793938a02830b157f148f1113bb89d9d8b3f85aa8ad084027d4fde1723fba973c17115b9b3ce64d5c03d79a8a78581de2c76342133ef721600334b85984b0c3b9abb4c945538af9bd7120c591997a9d1e670b78f75fa430b9f0e66c675d674932798380c27a7af9d478b33669a207dc17abb1bf7c35718e53f2c549a74d65d3126c40e3ac9793742ec6a4643480d265daba1a6d7991311ba3ba20f6a13391ec14cef0f2b94a15d85a61ed1b7c3ac8876bf93777cb31c7f34a5cf41cac7eab910e7c6198b9506daccf362e7a84d13ef2cd5f192d0568cf18f83a7a9963622702d0b0f8a9a1c72ad239ec99ccb148f00b5682c18a838fdafd37e1b47a9722d8af15d20311dae3c482295755d661a91b8c49de39e54b689b5cd7704d6525f3c02916037b60bf1ad97640a88d2fa975dc26c2ccf01d57b0918005d2203677b8d5324683384f23e3237a4ffe544a9a46214c10601f88a18c2fa8dbe62ce019ea9a53fba8c3142797795f9486df7262f25f80f96b4bdfa7a64de723716fe13beeb8ea79fa8f9c80d00bb5b391587dcde3955e4d707d1463c69c2d62908f43e9eaf5c75473d4cd7b48eaec0febdcfbb752182e2fe9048dbb7b27d65422748dcc83d8bd7dc2fc6aefcc6d4337d5935289e57a0bbd73cc3fe69024c13deafcb1358d986ea47720a2dcccdd8be97626e6821ddcdda2966e37ce0900d4c4de88d7f0e8732b85c891857a00682a44c8efdafccd3250c41c09f97dc9f72f6b9b8addf98e64dafe3deb7babf4a2a7e2efeafe79e28d825b4595ad46a7199213b4c318f408df66022706b89fba65031f4664e04ec351e078821002e20dbc4985e76a8f1f0c6499e0a4eb220caca1aebc6bf83f9ca2c47206f3026bc22fd8a134916852b21d899c970bc6e71b8ef4aaebfa0bf95a940b9ab2dd3ca3db77f26cb8e849b2027ea64e090239c368eec0599f835520dd6387132f60ebcb2d2079a3dcf55844591f9c4aa8b369c6083675fc4f0859dd30d360f0692e81799f605ac136fc1e3ba0efb88c77fe5779d67a055388e24e313108f37329bee59a330de780460a6dc71a130af1ab92892881e3e25a35b1fa0511b96fde25bd405db741f3b38738e49c59a75f41cc26b5c34aeb76c7659a160faf37813239176bf0e47b0c9be25c884e60a0e55d3253ef3674717a527fac817560e51335e9c3b18a487ab79ce4d3c0fc03277367b27c94eae5a790e6a0dabdcc393b98ae78198a378aa709791e0ad01d335cccda768254c2859ba5184ac1c111c88e434c6888281e97ad0ef97c0b3082b22fc6521eea2c6086fef2416a0c32e3f924cab7af288bda5097969b40cb646f0b77b783bcf2741263a6800d29bc68bb36b89f95b5f492116d551e986dbee994cbe8bddaeaf8cb024aab160e528e7aec1e354d05fdf512ba3f72a868e31725371b27cf47e6fd8b61e21dfaf66c2206241a324239dab02044a3a9ba367caa3fc689ea76eca022272f2925852b881a8b6e81d3b21cb499659c536eacb3b1624b4b9d47a625a95ab947bdc106f61208430b6b3d7e87f4a18abe4074453e310884725dd31199fe7b492b8ab0a4fc64d4aebcc936773884bc7512b3ddd6fb822bb7b75b9e1597eb6395362b2d4eeb6909084900c0de27200b2f9b699f2db9cd0edab619a7f545746f40c8d8fcb12d40e0eb7f4604103fd52eec0f6d43477728d59c51ef5ebeaa5c9a4b9787f2465307380a0011d0eabe77bf5e37423b48b59f910f1ad8c05436a07cdbad9f61ff099279b84429d7836fb7279ca67a3c17cef69b417c6ac583570836b97ba8ffcc47ec3838039ba33afea8d2c8b8815bc0d7ecc4665f43b67deaec4477287b18a5093fd5877099e9dae01b229cc79083e6bb27a7552b5e39602a1b0c123c1659c1359500937d5390bbcfe38ff4ed55a4424c017fd05d1f752e291a7dc90ca123ce7af02c0d952bccb236563ed8006d7e642c35497007632877445e397fbffd29a43c95983b67efdcd04fae575479b138c93048f15768eae61e117b0f42a40ce3f1ad664f833a9c2dddde0826f988429099960100ddefa7b96bc3bb6918d1b6fd29e851e6a1d58c880c36c4e7d2d63f916b655dd8563e5cdeaa6041cc81e3d2e853927761a3d7a91b0cbdbfc89a725bae5b7c14c3fb6a74ef2aa259e38723a56c7d82da287f3aa1357d3380931109123f9b0c1250a7447a5327f6f11ce42b5f0269ea94547f9d18e34b32de7e55e47e99b113c7296a535857c4c5d8e624e672a692394aa2937461ac3f5d202ec652afbec1a44cbb38afa423d8a1cc6ff0d70a509bae6f07a4ea9062ae09da3ac26db55c5a4b2430f3967fa2b952597e6d0226f3a9ec47c1b8f1da16452cddc3d5d32eaadd569fe1e4d8af95027aaa689f113bb72fdb398bfdc3a6696d12b305cd8219522223b5eac1e00eadc6db5a52518339e78cfd6aafbda6251ef2ef7f317bccaf8df8ab14099dfd73a21ff89a591dfd038e7cd46e662156fe3b05cb6c7167eb8200a121a05118bc7f9e61812cff90726e0cdc9b5c0042426f842fffd045f3f466ede3a657767a6f985fdfdacecb2a99fc5992a2451d51b91465129eb54f532767a8b7097ca36e585d6c1aebafb92cf5467da3438c806d942bdcc67bed758d9e238a7488d58b1ffd3ae5034794d9a96f527b05aedd85bed353df22807395287233cb278772d567e8a00d4c9b4d51633d865b659921aca08d805a82d575f545fd850caed0949ded172b3b406038f000ec2cf0df7257335e38686a64e5099e55f4b57d04305b0ae91d39d49288907d126fa6e7cd134fc27fedadc0e41d193252bf029d13c247dab620cf9c635029fff178f654ca8e444f718cd944f1ce4feed3ce36cdbfc5c6c6cf0c3c1c4d80daae1574ce74ad0770238bb4ea5c7d6aa72587d20308a2dd9c3af0e9fcda48ea68e917a9f290d5358cf94c06f8a496a4c1a0a16a2a67bef07a9b5bae98bfc5536b3733260fbb3a2f6b1f7b17736a2ad9b44a2c87a4a2f9b80688ebe284557e205f7598320aa10c4fb154c5c033b71884daa6e3bcaeed8818fe85ca39277bd5139d58c188749db5bcdcf2737fcbec402b19a336e1d7386e2dc28c00f9e444205bbc99dcb8a31845f97227114ec36b98608efe42afaaee942c2d8fe3035b400c3155f9766044512b733800f4797fe8de6dc352ebc7cb0033f1434259ff9067133d9b863478b2ab895a8300cc913715c84114ffd21f22d3ab696f28272022dbbe9b36eeff0e8665a8f850c4897575aa2f0086a8312ec6f19763f132049961b138d7bcf9a9c0ba90050c8d59e01508eecac71ce4b5c737eb3ce93f2af6c0a9189c30fdde9ea5f8a73c2d579cf259e99d8a32c4d322b626b0dcdb8083dcfab6d4eb57d845bd9b93813d56b949ca5a67b3554e66526aff1fee4764c62bc45e201291e64f053fdf154190cd35503fde9e39198b62f08028302ca7325f4b4ad0ece5d7efe545987d5f7a7bfaad30202cd5abc00dd14938ff4218a01a8592254b33c7b32d3a386d942ab09c72b1ec6336e27dc17fc67e6ba92b6cd99e489fe89586cb832cbf269071233199559ee4cfda5a133d8832e084ba85617c1ef77017f8cc7876013114ebff0f0245029dce608f8a86c1c73a8ce3b58b8a9604023ae1c24a0833bf7d9818d8169305e726711fb25a46ce510a0fb8ab5dcd524de7437bb0b26c3ef4c70d5dac1c01798038b0b7d0049ae6eb1fd0add472b76c03f326a92f76371e65e1da47f02ad3b84cff0c38c756333e927c5f18c0a3355fda90a933c734af9ebd387efc5c90f523d45e1331bc02b6b65386f1706a47d4320b6990fed79e648d85c295178fe36b5b1251db63be3b16be8c3a11cc3c1f593382839812a58253cc1f826a7c42a14f68516f4b5258034c4b8dd31df41c82b2c89bf87c268ab1b8915ed88806e047e129b590bb1fb381c7f79ccff50868a9925f5ce19fddb41e7a6ff9220e9828d2cb5bef4509bfdb6365d804ff73c396eea42e739180d2bbd097b717c1b0ec2807b6fdcf04f7b361aa2876f6126860e4d84a85482a7f71b01a6d836ad83e886b57e727d54eb4d5b2c57bad52f39a2d807fc76be9a860d0d9acc2361dd91fde333a1bb0bdc77d9b1fd9a537a40e12090ee2c236aa7e04a699788f0afb8b2620d250a942ec3471bf3bb5ff77baa2ee463347ccdf63ff55d3dbd59ee7b43225966812840189a85be9e77529975258e44c3d40c046dc962ed51993266d96d1f7ac60bd5cb0eccc4df27958d7a23371ec699c31e8b32e7c34a9726b95329a9313fd0a5e1280fdeb385bc4c4cb43f34f59b0360cee138900db8c0b9859b7dce1687367e3258c0c8c02cbb260de8740435a0edb4073e6e0816b55f2a21693123d6d08ed478b17e05ff4b7b43991177e952c5a1895e054466fed8d3a2d2d54351ca2da8315729f242dfa59cbc457f5b64b5df90dcdd3051f4665aca22a3b7cdf66df9a3d82c5c908b808ef5b606e8a70a9bcd46abed11fb3f7a940e5280d64b53c26ea1fa1e7aa5d1b9eb700e047e1150a44d27e9fa2f72930af2271a7f4f33ec8ff9a6234c04d1813b626d775bb890685dffa08207e87f5af528a601e938f782c9fd57611f90c46e8cef52c4dd1b9eaf6eab74f951d374195ff142728f795dab16d48f99255bd1241aef1ab2922e8b98c037e44de901ee98ee90ff9295151068966e894a1680065646399c72257e6f1edaea592c116a810a59fa84d062cfe09aabf9daf2aa8c5552cd3c4583eeda46730328a8aa00f260f5c857f696ccaefef069b0ca1f9be96e5028ea00f0124ca242b250a841574ce81c30aae7845335017c5e485ccd929c24b2805400f0703407c52297588e1b1385b898ac4c0f218864b2196e4db21bba024abab0aea0d9e03761e9c0ac3692730d4dc8d4fd16d63b1b95392b02966c77845dd0561e8ec5546e7d8f58019299faaf578e490d29aacd9632564133424d03c4f724a71640556379d8b36aeb83948a38b4a8e686dbb58cd451116bc07f9d7096bb3543aca26a0b137c9f7a18fc671b8bc67158ac64910d61bde226c90c8e019c64478d18523c0a4a9ebd5a32954e8449793397d2cee8fedb8e89a0e63ef7202745d98180025a95f6ff6145cce98ded7428ad5462fee7188387a2d3ce89d200d1247b84a4335b0be3e48b7d219900d4797c18e993969b800ac8c9e8ceeaaa2815b838fbc0f57cd749371d3bfc63fbf0943b77df8e2269b157eea5b17bc13f892984f403efd5209961c787caf79bc76010f1138e5371862d42019f9202035094b5dce365813286319fc174da07dfc6ce6bfab89a88c246934adc6733202def3a862fe6840f141241d8320faced105448334f9b2309a716a0c74c375554f9fe4a5bf29018f48b59c6dd789e3955caaf001391ad5c6e2be1ade7a37635ad5501389cb738decff82d3175bfad92b8d0f50d5c818ced8f018b238d149c04cb422612e2c658966cafea77ae4a2a0eaa48026b3987372c041f7ba8411dd3f0eee2355f019f17b806f52d72b143cf9721b78bc099bfc57b1749586b748a4314c73819072abfb5b56bc9050aaed5a31304e0452b227fa2bddc33b55d71f530e83ea6f051536167bd637d0cb0246b074e6b7cc3a08ef1eceaaabc842f99db8851ea938535b049eb248e75ce2860045247d3695048a0f677daf9e47797bdfe19c1979a6beb70fc5eb99af8f65e587d73cfb14b4164e31ecc3283209c86f3f1a05d6ef8ca6682fdf049d3e3874e12a11ce39bf77d0b8824c78d3fdab6656c0693a0dfb232335de3f7bbeb3380501b770b77c8375fa0901af046086ac5b373dbf0d0d4f5d4ca048138a33dd475050c307f77986fcc6ec79bbcdf72122cbec8bfb5fa7e37c899166ecae3de6e1a9f14d097fced460db12572e7b41ca8028f20a37a8893bfc92824d13cddcd5343930a21e485ba05cc52806e57888454c7e08928769941fc007c710bf132c026c9bc5cd34b0dd1bc946479f0b5dabc4a858037d73ed5c83d8d94c4fa76912df5c868142548a9eaeb67fea1c9338ecb2a05c8f129ed11228d8175f0e9f248c066cbb0dedb3a0625938b0026e8cbdcec04ba5e3d0e2eef90f0c46af9d722bc17b3ca0e4e7bbc97f93658eb57a68c53cb5a00d94fa2432ef6ec8c32d87b8a58cfb60c5636d0d09b809670ae2e068e708e21c6cb2c72aa2b95b771e5d076aeff5a1aac9de57388edf1394e18099fa4424a44853c513395d47186aa285157b4a15acbe8fa3766f90bb52d37dc3ab3cb291fc01c02428b063541fe8eaa786e41a7bc39d9884ede36235998cd15a9b1cecbef4886d0b79636afd7d018bf28d8f4b4386ecc663aa32710e1446739f3a837f5424bcf0aca30c429e0071b960381a8cccfd9cd36c3f76e609d53fe17549a659dda76513ce2674a1fe203f292be577e9f47d824a49e943cf20177b8b3e593a7ce8c85b43db60fc368bd15e4de619ea63f49f8b4deb9444c9a6c54a1435cd6c1cd789bd363d9c6cda72b7e6c193542db0ad9898270dd91ea268847352d295046744d374dba4440a27825ec81f19a7cc0197974802f48a0326b76e72c54f4acb9322fe691a08f85c0e7d6bb9fd11609d97825d19297ed6e2721cbee92324d28e4e47c11214500cb17c8cdf75095b0327fa66c901027794df2de7ca1af1ec578a44a1271fd4d544faf1b293e52c196e264fc90545d8311271dcf1fa43ee04ad5b866d6552d9525e09da558a9dd7da8be8c06636ceae3db522db17ffdc84118eb45c564d258edda3e800210567c22f8916822e12e195b6ec6ecf415ae6672f115e002f40fb0addd153d7efe01e429bfe6c667f546320110f10d9525418a6ecf27695279df78eca5f82a14d7e9f9764dd377ffb33103e7992260b882837d0de268c19624ef42739acab31ca409cd26172ba916eb08e81c957e56d80ba0fca8da6659bc1e33c2cd2d778fc36c4b42163c2758c0e5f9f4d02c4c1dca2e3fa6f777926da4d226aad23a208d1e1e58117aadd771a4aa88776825e166986f3e958e9c3eb2fdd8236b4caa23799885ee877f9564780e64cf0fd2c0ed2d904467566c514b24bf412580aec6b6fb9f55c9cc90480f870332bf4f650c1efc52d29076183163e79bc67f6f2d6ee1976fb00e9840bf6a92f20f4e5aa7bc1061e99add7c25e4c75d477b680ec0f19576b4c43e5d8f4bf5da1861b065eb50f4361ec3554bd7c1f7ec18b3c4510c31e51afdac40e78de077e4392c47164ce41458b768c6014e00b3614276147df64ed33242bc85163b65610809764983e117d7bcc4845ccda2c9beea259c9f369e2c58e713fdf08f6e377095a3a4c3028c016a01fc280d9eaefcfdf4c15cb96dcea6e9e349488a58dc3a529d372e64a788742447156543854acaf45bbedbf842cba8c8598c84f120300b6c583c725852a3ecdc9ee07fa2338c2c4e96a7f5067f9f6891d5045be4486c663ac35a80d3bd7e1cede8c78de7fc09b92ce3f3245404502013e7ba4a2326264ab10a443be6a6e86b61b004115f1d5db953b4a563fc9bbee76b2b9b27edaf131849c3fdabd8eb1ff80f649659031ea855046ca07d9f559bdbfe999eb8a0d2e4965dfe5f859ea83c5e5fa69afb7481f069363d490b8524f08b6416790dd4f8f9ef78e642708f7fdccd3bd757f112f817515563fc0926f751065556bac668768d999026ef7bde90579f39fe0c55785f5e95a0c31f732dbfb8743b8ed9d61183dc7264edb80260a0f6f107a275dcb5983b450bf8c21660e842433730fb2f32799c66741b36c7c414d84a0fa0653d71aa0a96551866603515701b7caffb2bc1c86fb3751f7ca1e9e69beb865bf34402ebcffec3dfa5813bb5e7aeaa0bf72f9f52a9e12ad19e8babbc2a3196ac56f8efb1c254fdbee2779723411bd4fa35e298deb2b23162197473df5c9c150b70027e49f05e3d0905133c87a1d6f39eba50159356a7dc179f6fccf461aac8416c2f2eb914587df9c4cef4bc171df5cf569983b5315b0c284c97662ce100fd4da1567a0aedb13cb051ba7f50616243e0ab865e92440d2b7dd5bc7f1248554c641a101230487575b8daa3dcdad23cba379a5d3d064fc679d9ff56997a93ccdce2e7afd76f848fd3a753cc7056ffda235a5efaf2f10dac4d056f0baa51f01a0ffbc547ece5434b5099b7c5fe62413121139e55ccefd18b3bf8cd3962b126ea1d68c808ba60b56da8467c360fa88d85cecfa47d9cef26129c0afe0a28b43a1bf5bf714aa4ea2dae3ce9bd86ce6764f29b232148291fbd2ebd3a213aca4b101dbab579e82624fb0148d9572fe41347fe711967544aeab03b219789e8c0aaa49fbfcb1", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0xb0, 0x0, 0x0, [{{0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}}, {0x0, 0x0, 0x1, 0x0, '\x00'}}]}, 0x0, 0x0}) (async) r7 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r7, 0x0, 0x0) write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000000080)={0x2a, 0x6, 0x0, {0x1, 0x3, 0x1, 0x2, '\x00', 0x8}}, 0x2a) (async) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r8, &(0x7f00000001c0)=ANY=[], 0x118) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x50, r8, 0x0) (async) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f0000000140)) r9 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$SCSI_IOCTL_SEND_COMMAND(r10, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x80000004}) 5.401820884s ago: executing program 0 (id=2359): socket$can_j1939(0x1d, 0x2, 0x7) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) socket$alg(0x26, 0x5, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x657203eb) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) socket(0x1d, 0x800, 0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x400010001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x8000000000000, 0x204000) mmap$snddsp(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x13, r2, 0x0) mmap$snddsp_control(&(0x7f0000000000/0x4000)=nil, 0x1000, 0xb, 0x2010, 0xffffffffffffffff, 0x83000000) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x4) socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, r0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) migrate_pages(0x0, 0x1, &(0x7f0000000040)=0x800000004, &(0x7f0000000300)=0xa) socket$inet_smc(0x2b, 0x1, 0x0) r3 = request_key(&(0x7f0000000180)='encrypted\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000200)='}\\)@\\\x00', 0x0) r4 = add_key$user(&(0x7f0000000000), 0x0, 0x0, 0x0, r3) keyctl$get_keyring_id(0x0, r3, 0x33f) keyctl$read(0xb, 0x0, &(0x7f0000000340)=""/249, 0xf9) r5 = add_key$keyring(&(0x7f0000000440), 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f0000000500)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)='+)@!\xd1\xec^#\x00', r3) keyctl$KEYCTL_MOVE(0x1e, r4, r4, r5, 0x1) add_key(0x0, &(0x7f0000000600)={'syz', 0x3}, &(0x7f0000000640)="38560616f68aecbf3b0e07396e139f1416d342f202eda3d7670467ecf120d1f976a15f9fa9f089ed8264ced7d83c25", 0x2f, 0xfffffffffffffffe) 4.924838529s ago: executing program 0 (id=2362): socket$nl_route(0x10, 0x3, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000000952301090224000100007e000904340102d469e7000905"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) userfaultfd(0x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x1de) close(0xffffffffffffffff) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r2, &(0x7f0000000640)={&(0x7f0000000540), 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x1c, 0x0, 0x2, 0x0, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x8040}, 0x80) execve(&(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000080)=[&(0x7f0000000740)='\\\\B\xc6+\xd5\xb9\x93L\\\x87\x84K\xb9!\x0eX =z\\\x14\xec*\xed\xa6u\xc4\x14=\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9=?i\x86Lpw\xba\xe1\v\x1a9G\a\xf9\x18\xe4\xf6f\xd6\fpfP\xcf\xee<\\C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1dC\xba2\xa6u\x14\x0ee\xef\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xae\xa0\"(\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95h\xd7PN\xf1\xe7\xe2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5bP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x01\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\xfd\x05\xee\xa0L\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\xa1w,\xc7\x15oA\xc5m\xbb\x15\xd1\x1e\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4moccU\xb5\\\xf5\x05\xec\xa7\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xacd\x9d=d\xae\xbf\xd7K\x9do)p\x00!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x19f\xd3\t\xf8\x96\'\x8c{\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\r\x98\a\x06\xe8\x80\xf3\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac\xca\xc2-\xfc\xe8\xc3qAt\b\x94\xee\x9e4\x85\xd0\xfe+\xc0\x17\xbfE\x15\xfdZ\xce\x954v\x8a\x05\xde\xaal\xf4\x82\xe2?\xabS\xe4\xe2\xe1\xd83\x17\xfe\xf8~\x04\xb6\x11\xc4K3\x82\x127\xf7\xc7\x06\x177\x8bWF\xb21\xce\xc7\x19|\x9f\xe87\x80\xbc\xac\xb6;\xcc\xafr\xbd\x90\xde9\x0e\xda\x05\x86\xf0i\xf4{\xbf\x82#\xfd9\xdc\xa7\x01\x00\x12\xea1K\xc9\xe1\xfdv#0U\xd2\t\x14\x10\xe6\xfc\xba\xa1\xac=\xfd\xd7\xa8\xc8\x18\x00\x00\x00\xc4w', &(0x7f00000020c0)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K9\"\xf1@\a\xea\xbb\xfe\x9cY\xfc\x80\x99\xb9!\x0eX czg\x14\xec*\xed\xa6u\xc4\x14*\xdb_\xe8\\\x96\n\xa6)\v\xf9 \xddb|\xe7\x14\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\xc2\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7\xf7\xff]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13mNP\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0=k\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xba\x87\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7*\xecl\xbfp\xc3x\xc3\xc1r\xbe7\xb5\xa3\xf11[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80=\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9oQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tr\xb4\xc4\x929\x01\xee\xe6\n\x8ba\xde\xdbsAzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44LB\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf)\xee\xab\xb3C\x92\x8e\x80\xb1\x01\x85\xb1v\xae*\xa7])n)+\xd9\xcf\xe9\x9ag\x8a*u\xe4e?\xf9\x93\x93u\xd2M\xfd\xa1\xc5\xff\xd9\x15-\xabH\x90\x04\xea\x88\"\xfe\v\x1d\xa5}H\xee\xc7\x94\xdb\x02\xf7\t5\x1e\xd6~R\x9e\xb5NV)\xa6\x1ff\xde\xbf\x97V\x87\v\x94\xb4\xb0\x7f3\xa3\x85c=\xb0\x8ab\x06\xfa\xe9\xb3\x1d\x0e0\xfe\xc7\xf9\xde\xd6\xe6\x14O\xc8\xff7\xd8\xed\xc6\xdf\x01\xb3\n8\xbf\xbe\x1e\v\x18\xd9\xb3+X4\xb5S\xe7\xf6oO;\xc5\xc8-\x9e\xb5\xbe\x97\xb4k\xd2n\xfa\xd1\x82\x16\xea\x93\xc7\xb3?\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb7\xf2K\xe9\xcf\xc6y\xb00\xe0\xa0\f\xef\x02\xd5 (S\xffhY\"\x83\x05M\x0f\v\xec0B\x1f\xd7\x80\xdaL\xa2Q\x8c\xde\x17* \xf5)tk\xb6\xb9\x86?\x1a\xff\xdc\xecP\xd1w1\xf4a\x00r\x06,\x86S\x11)\xf4\x16W\xd6\x86\x10\x02\x15mod\x854\xd4\'^\xb6\xe9f\xd6:\xfc5%\x16\xc5\xa5\xf1\x11k\xdd{\xaai\x8a\xde\xa6\x18,H\xd8\xe5\xf5g\xe7U\\(\x01\xc5\xde\x1d\x8acHf\x86`9qV|=\xbb\xd1\x95\x0f\x86\xffa\xb1\xdb\x82l\xc3\xcf\x88\xeeJ\xda\x8b0f\xac\xc2n\xd1\')\xf2\xaf\xc0\x06\x01\xb4b\xef\xa8!\xf9\n\xf7{C\xdc`h\b6>\x171\x16\x89\xa8\xe9OC\x7f\xb1\x1c\xd4\xd5\xa7\x7f\xfd\xa8Y\xf0s_\xfb\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\xeb\x1a\x18\xf1h\x04\xa8\xe8\x92\xe6\xbc\xe1O\xcf', &(0x7f0000001e80)='gcB\xc6+[;\x88\xfe\x97B*[\a\x03\x96l\x1e\b\xd9\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX c\x03\x00\x00\x00\x00\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\n\xa6)\xd9\x10#\xf5b|i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfE\xd1\x1f\x9b\x1d2mRQ\xea\x90\xa0m#\xa4\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\x00\x00Jh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7\x8d\xf1\xe7\xe2\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8f_\xda8l\xc8\xa2\xb0\xd1\fg\x00\x00\x00\x00\x00\x00\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c1\xf1\xe7m\xfd\x00\x00\x00\x00\xe4C\"\xba\xd5\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&\x9c\xbd\xbb\x90\x17$\x9e\\\xee\xc6\x88?)\r@e*\"_^xb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occU\xb5\\\xf5\x05\xec\xa3\x98\f1\x89\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6zG!3\xd7\x05\xf0Xk\xb7vo?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\x9f\xa1\xda@\xc7-\x93\xbc4\xc0\xfe\xf6\xf6\xc4\xc3ZT>R\x11\xba\xf9\x17\xfd\x98\x06\x06\xe8\x80\xef\xdf\x87\x1f\xfd\xb8\x99\x9c\x19\xb4\xac\xb0\x11i\xcc\xb9BG\x1ac\xbc\xd9&\xb6\xd9\x04\x03\xc6\xebf\x84\xe5\xfe[\xe7\xe6\xb3\xe9\xca\xe7\xc1\xa7\x9aO\xc1\t\x1c\xeb\xfbl\xa4\x80KQG\x80\xcd\xdd\t\x91\xdb}\xb1\xde\xf9\xbe=\x8b\xde\xf2G\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf7\xa9\x99t\x87 \x9f\x03}\x8d\x1b\x14\x1eU.r\xe1\x00\x00\x00\x00\x00\x00\x00\x00', 0x0, &(0x7f0000000a00)='gcB\xc6+\xbf\xcc_\x81 \xd5\xb9\x93L9\x87\x84K\xb9!\x0eX cz\xb8\x14\xec*\xed\xa6u\xc4\x14*\x82\xc3\x90\xf9\r?i\x86Lpw\xba\xe1\v\x1a9G\x04\fpfP\xcf\xee<:C\x1e\\\x1f&\xaf\xea?\x91\a\xea\x8d\x05\x83aJ\xf0v\xc0q\x84\x93il\v\x03\b\xadT\a\x14\xd7\xd5u\x84\x82\xb2\xd4(\x1d\x04\xf2\v\xe9\x8a\xdfU\xd1\x1f\x9b\x1d2mRQ\xea\x90\xe6\\h\\\x1dy\x9d\xe9\xfa\x06\xa27\x9d;\xe4\xb4\x86\xa7&\xa9c6\x1b\x8d\xa6$\x82\x1b\x9a\x82\xc0o/\x8c\x97\xb9BJh\x9f\xb2\"\x95j\xd7PN\x89\x7f\xc8AB\xc7}T\xbe\x8aO\x9d\x94\x8d\xf1\xe7\xc1\xad\xdd\xc2\xb7\xe8Ac*v\xf7\x16\x8fe\xef\x84\xf5k\xa9\xeb\xebt\xc3\xf1f\xca\x04*\xec\xfa\xe5b\xeb\xb4\x99\xefSv\x82\xe2\xe3\x02)sP%Z\xad\x83\xda\xbe2\xa9\xf2\x04\xda\nU\x84\x82\xe3E\xc1\xd8L\xb1r\xb0\xdaH\xf2{\xf6~\x0f\xb9\xdd.\x06W\xd7\x1dG<\x1e\f2c\xf4\xa0d\x11\x88\xee\xcc\x18(\rap\x98?\xb1$\xe9\xe9+\xa6\xfb\xb1\xc61\xf1\xe7m\x91]]\xb26\xbfA\x86\f\xda\fi\xc8\xefl&*\"_^5\xd1 H\x17\xf0\xa7\x83}\x92W\xeb\xe5\xa3\xcc\a\x10dxb\xc2\x13m[P\xac]\xc2\xc1\xa8\x1df_\xcax\xbd\xf4m\x1e\x18occQ\xb6\\\xf5\xf3\xeb\xa3\x98\f1\x8b\x99\xf0P\x8e\x1b\xe3\x9e\xb9\x0f\xf9\xb0\xadd\x9d=d\x94\xec\xceQx\xdb\xf6z?1H\x86\x192\xb2&\xa5\x9d\xd7\xbc\x85\a\xfer\x14\x0e\xd9=\xa6\xa1\xda@\xc7-\x93\xbc4.C\f\x193\x03cz>R\x11\xba\xf9\x17\r\x98\ap\xda-\xb0R\t\x93.r/\xce\xa4\rK\xcb\x1aO\x03z$\xbeYvYn\xddI\xe7\x13\x8f\x15\xefL\xba`\x9d\xea\xed\xf0)s\x12r\x9b\xf2&\xf2-\xc6\xec\x96\x19\xc9\xd7\xda\x06\xad#\x18\xef+\xcdp\x95\xef\xd9\xb9s\x8b\xf3\x8b\x88<\xa0\xa3\xad\x8c\xaf&iMM\xc5>\xa7v\x17\xdf \xca\x86#\xa7[`\xcb7z\xa0P\xd5p\xe9\xddC\xc0\x80M\xd9y\x01\x1c\xe7\x1cdN\xd5x\x89\xc9\xc0\xc4{\x01\xa6o\x9ceZ\xe1\xfa0?\x94\x1f\x9aQ\xb2\xea\br\xfb\xdc\'\xb8\xdbh\x02|\xacW\xd5\xf0Lf\x1e\x17A@\x06\x89\xadg+$/V\r\xc9o\xda3C\xa0\x06\xd4^\x8bQ=k\xa0\xa6\\\x00\x99\x94\x10dy\x7f\xd1\xd2\xe36\xa1\xd3\xb1o\x7f0:}\xad\xd04\x96\b\x80/\x9a\xfc\a\'\x83\xb8\xcd\xb1\xf5#\tzG\xe86\xfe\x83\x1d\xb3K2\xf0\x8f\xde\x85\x00M&\x00\x00O\x86\xec2/\xea\xe6$(L\x85\xf8Y\xcf,\xa3\x87^\xe1\xd8F\xe4AJ\xaa\x1f\xe9\xff?\x9aF\x97M\x80\xe9LR\xdc\x9f~\xce\xb5\xef\x14M\f#>O\xb44L`\xc6a\x82\xc5\x107\xae\xdb\v\xf7\xc4k\xab\xf8:\x1fj\xa2vf\xab', 0x0]) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) setpgid(0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/kexec_crash_size', 0x22402, 0x0) r5 = socket$packet(0x11, 0x2, 0x300) r6 = socket$inet(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'macvlan1\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000004c0)={r7, 0x3, 0x6, @multicast}, 0x10) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000380)={r7, 0x3, 0x6, @random="ce95490a1672"}, 0x10) close(r5) sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)=ANY=[@ANYBLOB="440000001000000000000000ffdbdf2500000000", @ANYRES32, @ANYBLOB="0000000000000000240012290b00010069703667726500001400058008000400000000000800050000000000"], 0x44}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x1, 0xc3, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r8 = socket(0x10, 0x2, 0x0) write(r8, &(0x7f0000000000)="fc0000001a000708ab092500090007000aab0700a90100001d603693210001800000000000000000f1fffeff00039815fa2c1ec28656aaa79bb94b46fe00ff00bc00030005000000140000270400117c22ebc205214000000000008935d0730206001720d7d5bbc91a3e3280775e9ddefd5a32e280fc83ab820d9473decc9204d287f605f7029ddef2fe082038f4f8b29d3ef3d92c83170c5b8c4666e8e1bb05b7f589188319dd74ba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd1a6b567b4d5715587e658a1ad0a4f01731d05b0310b0041f2d48a99c03f080548deac270e3342", 0xfc) 4.843170493s ago: executing program 1 (id=2364): r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f0000000cc0)=[{{&(0x7f0000000000)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x4}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000100)='JoD', 0x3}], 0x1, &(0x7f00000004c0)=[{0x10, 0x3a, 0x4}], 0x10}}], 0x1, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x92, 0x93, 0xdb, 0x40, 0x2013, 0x246, 0x6074, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1d, 0x0, 0x1, 0x1f, 0x88, 0x6c, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x3ff}}]}}]}}]}}, 0x0) semctl$SEM_INFO(0x0, 0x3, 0x13, &(0x7f0000000040)=""/32) 4.662381957s ago: executing program 4 (id=2366): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x2c, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}]}]}, 0x2c}}, 0x0) (fail_nth: 5) 4.257037519s ago: executing program 4 (id=2367): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a7c000000060a0b04000000000000000002000000500004804c0001800a000100696e6e65720000003c00028008000240000000ff0800034000000007080004400002000f0800014000000000180005800e0001007d6d6d656469617465000000040002800900010073797a30000000000900020073797a32"], 0xa4}}, 0x0) 4.036384071s ago: executing program 4 (id=2368): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r0, 0x80dc5521, &(0x7f0000002300)=""/4115) r1 = socket$pppl2tp(0x18, 0x1, 0x1) sendmsg$inet(r1, &(0x7f0000000040), 0x0) ioctl$SCSI_IOCTL_DOORUNLOCK(0xffffffffffffffff, 0x5381) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)=ANY=[], 0x10) r2 = socket(0x848000000015, 0x805, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1a}}, 0x1c) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f00000004c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000480)={&(0x7f0000000080)={0x3f0, 0x0, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x255, 0x33, @assoc_resp={{{0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x1}, @broadcast, @device_b, @random="0c53217f49e0", {0x0, 0x4}, @value=@ver_80211n={0x0, 0x7, 0x2, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1}}, 0x2080, 0x54, @default, @void, @val={0x2d, 0x1a, {0x300, 0x2, 0x1, 0x0, {0x8, 0x5, 0x0, 0xf, 0x0, 0x1, 0x1, 0x3, 0x1}, 0x1, 0x401, 0x4}}, [{0xdd, 0xba, "82cb049437311d99a0ce10e79402a0a6f99feb6c1d5e4b5c765e4feefdcaeda735e5e75a235d3a5455cfdc21d12a223e297b1a90b845127a14fe3bb52128aac80e126dc8fb5764935521a7b3d676647966a70413dca04811028aa696b01c9f743886377e6f6cbf3a79c7f0cb7bbb5c8b9222026e0be2c76883c41988e1ac310ae755eeeff803f71256b55fb58b13e03988cec24584ee3cf4f7360cf935d65fca4e4f6ee7868043a237e97874ecd951b0228837985e571941c370"}, {0xdd, 0xe4, "2eab92823162d057e5e8263cd9c1ff6e7995e1c342546ca841e371329ad5fce414ba576b5cc9a37b531ac2e52a933adede530fdc2eca0d72429c6693da611f81358bd05b2607a16154553d85e0ac99ffdc3dfedc2a0e8d1ffc93684902a3522e6931377154d14a027380eaedea351da155c2133c77a424dad264160637adf598b6ed123855570fbb5f18bfffb1392438858c4e6228c3e42db7dffdfffeddcfbff86fef186df27f69f4d5c4ab0348b3077d8cde529fcc2b1fcac24f94675e76f2e49dd95700be6abcf4290f1c15676f0232fd611e24f89323b8811c1de77a919ce83a59dc"}, {0xdd, 0x6f, "dd07d06582aa7ecd41ab5017a07ba3119d762e6f3bad0137f125a7ef1e0cd5962ee5fa458c7f80f34865a6780d2d1034f9f7645a7442b39c51f23a39d3d9736ee3e5a436ac641b726fd5bd1513e46078a088a73b412e0abf7f013400493782c90b738f339f1b5d07d765dcc4dd8273"}]}}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x4]}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x168, 0x33, @reassoc_resp={{{0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x6d9}, @device_a, @broadcast, @initial, {0x8, 0x8}, @value=@ver_80211n={0x0, 0x2, 0x1, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x800, 0x47, @random=0x9, @void, @void, [{0xdd, 0xe4, "89591e181f71882fa01523c654729176b0ce6f3e0d57ca8897acfb0c748cecf3eb874bd73ec59b51080161a100e1d72b382519d3f028412feae01f899dd7fa127e5cb0a8372b797df24db13a12217ae179f64e7d0aa508619f796f8ecdfc1d0838f00aba10d3f83eb0312cc207961ef85d1fd99c6db95d5049cea00b6482cce7f9e42ade25baa3f698d0b2568980d0e02024b553a451c8bb3582f75ff63f53cad1389a1314ef5e81e93b5b38d8cc3153a4a1746ffcdbdc4ddae4c99d715fa2868ee35d3974c48c3439e0322230c406b8a9d7b3717ba629b9eb4b562300145223d182486d"}, {0xdd, 0x5a, "1414d23c0c3928f4dcf7a8b39b816f6214db029710bd604edd825e9f3d355918939b40086139675ed4c2ed70244fcc6721e68e275c1cac824dd6c88e6eef467c030d23fb5e3438701aabca854bd51b945a4977f07a0ef261411f"}]}}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x76b}]}, 0x3f0}, 0x1, 0x0, 0x0, 0x800}, 0x0) 3.854455549s ago: executing program 3 (id=2369): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0xd}, 0x15, 0x80003, 'sh\x00', 0x1, 0x4, 0x72}, 0x2c) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x44000000, 0x485, 0x0, 0x0) 3.812674214s ago: executing program 2 (id=2370): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010010000000000000000000000a70000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000044000480400001800e0001006279749d1a7264bb0900edff2b0002800800024000000002080004400000006c080003400000f7ff08000140000000170800054000000004140000001000010000000000000000000000000a21fc77de042024cbca553d9ff8ac3df0f183a3c8edfde58e192c0803a37a49df6afbc66eb80b110245b4435c363fae9d16"], 0x98}}, 0x0) 3.719580328s ago: executing program 3 (id=2371): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff810540010000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_REMOVE(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x24, r3, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_TOKEN={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5}]}, 0x24}}, 0x0) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000040601020000000000000000000000000500010007000000a9f1f884b652ad8fdcbc9f3409ee1b3f3f49472d3de9d4f608ff1ea4271bac6e64d51308e1da28cc6de85ad43fb376a73f6322f7aa9c11beaeaed72d4e5f365ed3d45cbeefd3199e5a29e7d0786e333ffb8d3aefa5a45015c034ba772d233f4efd34936ebb124f89b25574dba690625f06e5a2f1ad1c76f79ce0727803dc16cf12fc495decdb786a37f49b226b6dedc495e63760cf9e1d5b5ea9f0b2ee75178eeb287330f97dc617e82d59f610f9681dbd48be3b508fe1078f043b30ab14ba11874c85192d61e9"], 0x1c}}, 0x0) r4 = syz_open_dev$video(&(0x7f0000000240), 0x0, 0x0) ioctl$VIDIOC_STREAMOFF(r4, 0x40045613, &(0x7f0000000280)=0x3) ioctl$VIDIOC_S_FBUF(r4, 0x4030560b, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000000)="c500a4d6c4ea8af932c7eca934", {0x8, 0x8, 0x55595659, 0x0, 0x5, 0x2, 0x3, 0xd3}}) 3.189992033s ago: executing program 2 (id=2372): syz_usb_connect$cdc_ncm(0x3, 0x92, &(0x7f0000000600)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x80, 0x2, 0x1, 0x9, 0x0, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "b616c637f26b"}, {0x5, 0x24, 0x0, 0x7}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x1f, 0xc75, 0x8a}, {0x6, 0x24, 0x1a, 0xb02, 0xd}, [@obex={0x5, 0x24, 0x15, 0x800}, @network_terminal={0x7, 0x24, 0xa, 0x9, 0x1, 0x6, 0x1}, @mbim_extended={0x8, 0x24, 0x1c, 0x5, 0x4, 0x6}, @country_functional={0xa, 0x24, 0x7, 0x3, 0x400, [0x81, 0x6]}]}, {{0x9, 0x5, 0x81, 0x3, 0x40, 0x5, 0x1f, 0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x9, 0x1f, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x8, 0x7f, 0x6}}}}}}}]}}, &(0x7f0000000a00)={0xa, &(0x7f00000006c0)={0xa, 0x6, 0x250, 0x3, 0x5, 0x3, 0x8, 0x34}, 0x38, &(0x7f0000000700)={0x5, 0xf, 0x38, 0x5, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "f11af57b1c7bb28e315651c2c7429433"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xc4, 0x7, 0x1f, 0x3, 0x4}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x40, 0x81, 0xd305}, @ext_cap={0x7, 0x10, 0x2, 0x14, 0x0, 0x5, 0xfffb}, @ptm_cap={0x3}]}, 0x7, [{0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x437}}, {0xf7, &(0x7f0000000780)=@string={0xf7, 0x3, "bc43bdf6e8ce14dc88670a4c466667777cfdac22c823adbf4408f88bfd7312b7bdc712ea5ae7aa88cba72fda4d02b99952269a4a81acf93bad1b44f907a335935e90a91dda2b640a00f4bd32fe9154db7a298a085d69fefdacf16878d5d9e7cbeaa8a6189b3bc42314278ea10f3fc10521164b66300f6539dff10324d3ab12c29931d23c0b301f960d6ea809a6dff33fd8b5d404ed818db9a5e376de5478c645ebdac893231c8dd25eb4dda4af64ebd41a9c5fef31a60893cd7a6fda64c21a4a992383d2294f3431b928f1fa8a56b0ad163713cb134413c97103f5782984fc3262fad2b8828fe288d0707a7e7902474fe4c5a02e65"}}, {0x42, &(0x7f0000000880)=@string={0x42, 0x3, "57ad5200feee01bfa008d3668c4c834222e4b5cc6c1749727eac282d6309341e71776735d406d3a6c0e2f2a599c7c2b77b2ded3aaf0fa29b190cd8037f510e99"}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x3c0a}}, {0x4, &(0x7f0000000940)=@lang_id={0x4, 0x3, 0xc0a}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x44a}}, {0x3c, &(0x7f00000009c0)=@string={0x3c, 0x3, "7d336aa4e3088b836de9b212b7d9495ff5a6a6b7cbb8533bf1cbe2a0e4b0c84af710596dc89d8c04f5e62e4ea3a6c5a6bf1b426b5d426dfc91bf"}}]}) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) socket$kcm(0x2, 0x1000000000000002, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000000c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x3c00, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)={0x50, 0x1, 0x2, 0x401, 0x0, 0x0, {0xa}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @private2}}}]}]}, 0x50}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) socket$can_bcm(0x1d, 0x2, 0x2) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x0) accept4(r0, &(0x7f0000000440)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f00000004c0)=0x80, 0x80800) mknodat$loop(r5, &(0x7f0000000100)='./file0\x00', 0x2000, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_PMKSA(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x50, r4, 0xa05, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "8d053547977b32d0040218c265dc8e00"}, @NL80211_ATTR_PMK={0x14, 0xfe, "83eee0398619c8fc1a7aae372d4114cb"}, @NL80211_ATTR_FILS_CACHE_ID={0x6}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x50}}, 0x24008801) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'netdevsim0\x00'}, 0x18) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$vhost_msg_v2(r7, &(0x7f0000000080)={0x2, 0x0, {&(0x7f0000000a00)=""/4096, 0x1000, 0x0}}, 0x16) sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) rename(&(0x7f0000000240)='./file0\x00', &(0x7f0000000380)='./file0\x00') sendmsg$NFT_BATCH(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWCHAIN={0x4c, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x60}}, 0x0) r8 = fsopen(&(0x7f0000000080)='ext3\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000280)='auto_da_alloc', &(0x7f00000002c0)='0\x00', 0x0) r9 = syz_io_uring_setup(0x4e5e, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=0x0, &(0x7f0000000440)=0x0) r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) syz_io_uring_submit(r10, r11, &(0x7f00000009c0)=@IORING_OP_OPENAT={0x12, 0x51, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x16842, 0x0, {0x0, r12}}) syz_io_uring_submit(0x0, 0x0, &(0x7f0000001a00)=@IORING_OP_READ_FIXED={0x4, 0x6, 0x0, @fd=r2, 0x10001, 0x4, 0x7, 0x0, 0x1, {0x1, r12}}) write$binfmt_misc(r1, 0x0, 0xc0) 2.973634336s ago: executing program 1 (id=2373): mq_open(&(0x7f0000000100)='/dev/dri/card#\x00', 0x40, 0x152, 0x0) mprotect(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000280), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000006e0002"]) 2.845664093s ago: executing program 1 (id=2374): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, 0x0}) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000480)={0x0, 0x0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r2, 0x0, 0x0, 0x0, 0x0) dup(r1) openat(0xffffffffffffff9c, 0x0, 0x42, 0x0) inotify_init1(0x1800) fcntl$notify(r2, 0x402, 0x8000003d) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(0xffffffffffffffff, &(0x7f00000000c0), 0x2) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000000)={0x1, 0x9}, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500000005000040fd0900008400000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000769c832a5a0906dfd5b19"], 0x48) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x0, {0x2, 0x0, @loopback}, 'syz_tun\x00'}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00') sendfile(r4, r5, 0x0, 0x7fffffff) read$FUSE(r5, &(0x7f00000003c0)={0x2020}, 0x2020) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r6, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r6}) 2.694231212s ago: executing program 3 (id=2375): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) accept4(r0, 0x0, &(0x7f0000000640), 0x80000) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newneigh={0x3c, 0x1c, 0x200, 0x70bd28, 0x25dfdbfd, {0x5, 0x0, 0x0, r3, 0x8, 0x2, 0x3}, [@NDA_FDB_EXT_ATTRS={0x20, 0xe, 0x0, 0x1, [@NFEA_DONT_REFRESH={0x4}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x8}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x4}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x7f}]}]}, 0x3c}}, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) r11 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r12, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_plug={{0x9}, {0xc, 0x2, {0x2, 0x3ff}}}]}, 0x3c}}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$packet(r8, &(0x7f0000000080)={0x11, 0xc, r7, 0x1, 0x1, 0x6, @multicast}, 0x14) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2000000011005504000000000000000010000000", @ANYRES32=r13], 0x20}}, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x80000, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r14, 0xc04064a0, &(0x7f0000000600)={&(0x7f0000000500)=[0x0], &(0x7f0000000540)=[0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000005c0)=[0x0], 0x1, 0x1, 0x7, 0x1}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r14, 0xc04064a0, &(0x7f0000000480)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x4, 0x7, 0x5}) 2.654368975s ago: executing program 1 (id=2376): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000012c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x10, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000200)={0x0, 0xffff, 0x4}, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, 0x0) memfd_create(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r3 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={0x2, 0x18, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@remote, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e24, 0x4, @dev={0xfe, 0x80, '\x00', 0x1e}, 0x100}, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}]}, 0xe0}}, 0x0) r5 = syz_open_dev$vim2m(0x0, 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000b40)={0x1, @pix_mp={0x0, 0x0, 0x34325852, 0x0, 0x0, [{}, {}, {}, {0x200}, {}, {0x0, 0x1}, {0xfffffffd}, {0x4}], 0x0, 0x0, 0x6, 0x1, 0x7}}) setxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_inet_SIOCSIFDSTADDR(r6, 0x8918, &(0x7f0000000040)={'syz_tun\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYRES16], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0) sendmsg$inet(r0, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x881) sendmsg$inet(r0, 0x0, 0x0) r7 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) read(r7, 0x0, 0x0) 2.543262869s ago: executing program 4 (id=2377): syz_usb_connect(0x0, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x3f, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r1, 0x80184153, &(0x7f0000001200)={0x0, &(0x7f00000011c0)=[&(0x7f0000000080)="097b9e8c66d9e45e5a3ac70edae666809016a3b66a6daa4dcd62afdc5662f79ec2ea293949463d2b6a97ed010b14b67238624a078cec19d6e537a6443f99ce108279a636f5f0ff2134c7cd69b02d34172194d66203817cbaabeedea9340f72d2dc229769418397405b84d75cae6d017e8bf767d72ce5f8a5cbe31f322ff130e237676fc2a95b7d132fea0d59a410ed0bea5c4d302fc85fd1f62bef182ed4257e0762e92a", &(0x7f0000000000), &(0x7f0000000140)="2d560e51715786455e9ed85d277294c9942a3ad95ad7880ad026b1b9b04e237f948b13f867ea335f2ad80454d17a23c64ca4d3cd080487a2492dbe126d95f5f521895e4c1d944caf66e9156b114b860f3489c385f12649ed1661021b7caa31b60d92de8adc61562e70c346dfeee732f66547495fb33bf7a45a735f7ef033a2fdbdab02d0443133dd08a00ccc3792cf92787ca969351809897131d1692cd15855b524cb7b8a8a538096249ad60dc8ce3d425db0349fc00d8aeae127a8c6f3c603266b74d614bcf5baacb9fb08358a11e1e9695246476ee08e1db3f49be4de17c1f739429a5dafaa9441390de6a66eb0fc00ad2f9b673a857788fcc4325a068649c6f0b1da6aca610c608fae28fc80fdfb05fbd9f242bc30277b4025e16fb05fbda584309dab18e373ff3939e9698cedea2d5baa534131e506e26326a883e564e864e17f9b79648bb4e2346f8f740513e323cab0dd77f0beec0c1c677e137d19ade15a77790c31dbe840abd848f7bf2dbaa307c1352023d29b7b5fe4c8484b1b669bd9c71c1c4ef967f796443b0b9ca7b7f2701f270eb54fe53b9d8bc4be685cf828a954773d670c94bb6deb3707b8ab3aa39806b1209305f20cfcfe7f356703964b1d4417b530d6b041544fd1f5945576e07cce6c75d6a71ff4f5ff38349f21fee3f47e08b880d12b95a99f0e71ca16be0637d311abdf2950cb37290d08db357d66b1da64b289ce5cda8b7e40ed06f464f3faff24ac47ecf875a11246685804d557b369db70cdb397ffa7251e863b937fefd4756080e37f5336a894b7fd9977fa44d16b975f2b8e3237122b857a7910530193b5a51a81c675de4187661731f3403a311b2234fd361d8ae47a8ef1a747aed71c34d151953cab0ff26489961a3fc146b7ff291f5482fd7380b4b6436b11680a6ea7cf20a3f14294b6a8b1d00192c84151bc3dbc5a64b5cf51089d0f44779082ec2e469d875523f5be8867e1396eb9cc8123e31276c175b652dced67685e68dd957cf852add43123a1d2400598911321e34c129da8b4afbf01c237ca03319a7a8d5db321c209435c6613cce0c91fcce3d2b35d9bff5fbf75650e37d6d71878da17e67924c013b83d01334533b4091ad068d114e1a20299b170aa48d07a39ed3eaafab04a515bd14af4420afc9dfd8bb8316fd2102b77c18c438f3b25ad9677a8746dd3d1e4a2162ffb44858c01c3d644b36d206f7b8d26058d6984e6142df93b13235ddf6425b15db0c5e93f5065ec3207badfe935083be548dcce1583056c1cf00a405b055a64609929379ba75476498a0a2133ac57d37604451db6e4e5b592f22e332d7a4771d236d01c1b29f259ebf9663a78786f96cece0680270ff311c08eb74406e5113dd59a1b243982cef942a4b198474c14cbc767dcdedcad4f8483410a5bc8ec8ef04d4bc5819f26fc5a43cf049b1b2e57c5b0479e1a848b04c364e984d3f0a0f16bbc74e4439fd96d64951f2e9ba9fb71550c8dd329d9892ae9979ed546eb88c1f68fb0a8dee7f2781de2bcb3b3301b7cf17aea03b3d4125c04c38b421bb1397b42f8b65197165a2afd2882d8205c9f407da2ae3b318b8066b6d044d81a675c7303c818d3d2dcebea85aca4ef932b92fc245883ce4b25d2d054c1a7683ac269883fe47affda678c7e493e8887696be93792768b1fa3b0abfb5609ff3024a2fa223614fe6b5c4faa241fe6ae1563306397d1554cc5c1c462d7c9761fcbb7d0b4247f8833579c9a66d039c9c0b8d79888e385bd89515e8f4aead968e974d23c388ea9817019addf6f7691d6407ec6b52da25e4155e9d5c617b67e477216a12370514c8339af8053f344d04487cc974ab216a7be98614bacfd414bfa121780497e2c94f6dfcdd8c16b9c4ccce4b172efa03880f751e772e2198cf3aa3f70d4753a5ed8588eb7e37df4de3fd776e8de1a11f9f1a707ed276f2fd305140efcfce16f587e7ed5f36fe6959b361fa159b9bc6af524747360a44c16d82830a65539e5866447189b8ecbe9235e8885307979653a2a148373b52487fe0426bdab5b584e0e00678dbb11aba574824009761fa09f302127c47d8351717ca360330a0cf4c75615f5811b360412294e0ad130ffb5ecd9ef09c765016d20a0d2ed2ad40013dcf2ed431ee6c1ec06e4c13464720aa87f940c05aec78dcf92c42408840473ac41fd9e7494117104feb871a278adad8e1a9306201b8ab9d78f4705055ffccbd27c5cf0eb42dabc9bce7af783efacab5ecd5e49f4fcd3bdaa8511ef208dd73f795f7d9085ccbdd28799de74d0c3afdb8c02ccff0f20f6a83c6e81b743295b4ad97e0b7db5668c4b8d00dc94682543aaa6f752c5650b51ffccf9107f33d5f4e744427d6084d41c524796c534bae5e35a86556178df311b4e63de45272114c84c2bb2e17c23cbd40bcc7fb2fb2da896ccb7f88f8ca215c9ed9d2c0b2a5284e29087fc1233e93f9750603c5b024f05229d3787c37a6e7850665bd7e27d0fb1396bc21e7418d383c63f69f99eea1176b13d6cfd148464cf3d8a7198013aca339496ada2a1cb20041923dc79b6e40bb79967a410d8cef4c15ad23567d681e7c143647d423e128f537227543d6081cec517d3635b60e1ad7593384ce6b854606d647ee7975b08cb6516819d19fba3c5600c9ef5a702dbd2dbb692989e505dbb42d951fefd54198348d076fc2fb352fccbf6f2948c94b33c4ec7d8f78b42278e7a3cc3f32424e7bc44d82ac037955d4c178667d6e57afe58d6bc8f346123b8dffa56b7cfc0b43ad06de9fecb57bd85fe97fda6663dacd3232ab8fb7afc52b70f3ba592ad27500d0a770838d332c8424af4dd9b4df1f236a85c9f3b9c77158432f65b5c83beeb0a9309061b507f356b03402bb2d1fc48899b4738ebc767fec4a8bcd20a8c7bfd7b121fe1e92fe51a414441533436ddc3c88f9e886b95591d171715c38e2ffa25cd500ff75ee55fb5e05218c0f851563247d9f555e047f4104daba2c62bb05649a3ff9436803f30a7ecb9d3770cfe7ca361b692f2e513623d0427cad4b8dff2457670e44dba915010f2d568f0676b920474350e01a7064435b8b1f996c96ff17c80f6160b62a67283c5173a269b90516e19e48f0282b0d227b6eb245700c75476ffca15a8432912d6f37c8ed5e3ba9cc0c35bc716266d4c0f00ae5ae2d62572bb6239b07546fb5790bbdc52e64c8a00edb5195c76d531e4b2fb173fdc22ddca52770bc5aee7d262acd06a1550e1b2e436cb3caf5769f996a6567fcb8c5765b2786b546f52056b79622b6d3e898a021b079f91db0d7e153b106dc626d2da314811ad0827eee9a8f15b6d1d3ab3fa15f2759346a0765335c7dcc5928c838316c56e06caa034bedae6df21c45ce03329c4dbad733d1fa719406b71204d6a25af9f47c466d0b6cf5fca4649bbc13179c8b7c13938cab6832168d2f7b418cd6daaa9a493c8a73556e566c5037ec9ccfa24cfd22af58a4f57495fc6e3337cb90d33ec59397efa119f9cab75ec17f7c24ca7c93048db81a841e27970913655dfd4e00fb6440b2b3e1255209e0ccba54c7762ba26f7b001886cd13e7f1f361916d970afe7a9f9f187370dc741fe129ea6b30858c8ab4dc754e349f51a8bcac0cd20a2661e073826ad23c1b61ba5ee7c72f39511869c960d6bcd01bd30726713d037b1522912179a14e0b1dd7d5b61a4c21fcc247fb90aa7638b60bd758e64799736b801fd089c4cbbc6d26a32df06be3e547f5f4f0a4d038cfc26d8ab87de96666cae2740edcd54264f8d3382afb27382a0027368d662ee3b4c297de25e5e7f4f6173ed8512492f299ce2d749241075111ec3dcf07e881e887d4bf5b470a545f57c516d73d2bf2b0a8e88f04b7fb7ab88b789d74e10cc71df2501dab09cb7ecafa13fed40a02c283b3a91f26b45fa26bd4b66e484eb520dd344568ad95005626ebb68df3a1c0ebb642fde5403965a5cb5a72bdec8cb39fb743709347e2d22699e6d077e5893c0f60b7ef61fe9961aa0a387bd63297ace4e4c1b70d0b6caffd05397655074bf4c0b53672492790dc54d5f5b379e08426e8e6f46c563d8949a3dc6a0e91f9b8a7eb98f35ed0c8ddfa3b45a491beecc3ab7f4b6b55d79c1b1aa9316a407f8cba37aa008f775890318c568206988b6c7d2c9dad23b8a9ea048d6854db4e9132071fd51d7e43d84ea009912796553e981cbb2bf835e63be9ddcb093f827e432e3bb1fbddc62632a1778cd86781e412d1be60fded324cff4616bcd22d03857d09bb5e083403fef47236c5de86578590027786be3ab5da263e91f5ec79467f40b784c938763b8aa1c8e581ad15d938b3b092fa65e13ad8ea5383713146ae894851846c54a9b11e27e219524e5b6463638c633146937edf766b11fecfa75849673a734a50c61a13c0fdd826f4b47b5518b4724c0d57824a5a3b2b026dc27d00a1f480234f6c67d0e0762eb3241f0cef8b2cae852d39cd82a089858a071d5fdaf3af505606518776b791eaf2e1d86abb68d9461b1e56d0ab5a6fc6b2c969fd2bcb1c8de6cddbb841907fa02ec98a41ad868cd2b1960dd38a1b2134e793048326751f11e186e8656c9969ea49befe87787333c30beabb9033b0eb1f60f34f32746811be93b362d615752a414df50c3d2abc0a7fea41ccf69bcd2a681ebac4ad965de1270a8947f8d35ec88f9946fe65844e48a016a1b05aeae5e8c349d0f4eae01fe0dc85bb1ed9c9dd925f0e29ccbf3bfe395e5b7a56f9ceb931bd882d486f53376d8f35b50a3c8df63abab46a945db691a5ff9427850b82c1660e2e5de07b0958ba856e025045779a93a0c0ddb8453afd2ea81fda92dd0b18c348555d1aff84d50468ade5d5193f8149fb2f844f89260d9b4c454ac80894822441e8081b4ecfc2a4de16d044d929d2fb3c2b88bf1d771c4f3376ddb2381e7f29b943fb3388d3973f34be5a895cb452f92b703d47a6320338ba912ce23e3cf8a474937b194f06f52d6b7d0c7a32f8c3f27765e309d7bdd0d54e4c40e72b8fff89b7a992c04ace6cc31a4507b000ceea6d23f9464129dc2e7aac52f2bf3e34cd3c8398d8d97ca8a27a0a9bf477e68d9c6d75aba162e8fdb1ce51da72ed5bc90ff45f312b2d423c45b987668f8e55fe40eff79c1e74cdff65aef44d706ae462cc9830a73da1139e7e167f281a531fbd4bb6e7ab4437193eb9ebb4eb4f4d293fcb1e04e2077c419d8c719b0cc99ba104fd322586a0b17e53014845bf4164b48f9a9338cac6dc88f06080e59d0b54ebd9925a5b369c8370578444f0eb7e629f2364fdfd99fe05bfcf6b9c6282d335831884addced530823140035c461e8281c0d4dd883228d8d22a9d1639eb0e2b468f5cee3a7666be5d4a7e04b4889d3ed258d589aa530dfe02592ca5ebc0c180928bbff9fb87123e47dc15b3f74a052eb4a2be01f54b70dc9779efb405c234b681bc79ea77632976051efdc7585e55794ab9768abce68ead3d7411f6052153d58f2d0f34142443d6857fe36b593c923761a1318a90ea260bc0b2be08cb97d95694e432b5c2187a5a33551e71e2d20e8654e05961ef0c8a02f17292f9661600a1906f6d22a1c3eaec6b84fd6eacd1553c35a5a36aaba42df0014b5c0907dfac97de2aaca5557a35f24931aa660250d2216d7ad3f9078b927178cc91209a3033bc3da29c715becb523330bcee13bc4d15b030abebccf339f8529cf82868e3ba4701579d474908077216b320351db8d978fb48fb2a00cbbf81aaa5a74cbe5218cead16f87884b63df", &(0x7f0000001140)="1e20dd599ce5017a7e5b8e3a3b4bcb805009feddf29bf9f9d251b9f820ea40b7ad7a5d1891589a5147c133af15bd667471d47f2926f8a8d7f89e011b162c281a8165dbc92fc58d8f26aaafae5147836b4c1410aab89243504804ca244f38a9839968cdfbc2cc39e0b8fbee50a51124be7dbe1b"]}) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000003600)=""/116) 2.005905632s ago: executing program 3 (id=2378): setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0xfffffd6e}, {&(0x7f0000019740)=""/242}], 0x2, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x14, 0x2, 0x6, 0x801}, 0x14}}, 0x0) sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0xe, 0x4, 0x0, 0x0, 0x38, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0]}, @noop, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@rand_addr, @multicast1]}]}}}}}) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'syztnl0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x80, 0x80, 0x1, 0x3, {{0x16, 0x4, 0x2, 0x1e, 0x58, 0x66, 0x0, 0x81, 0x4, 0x0, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@timestamp_prespec={0x44, 0x4, 0xe0}, @generic={0x88, 0xd, "e9af892ae933adbf8af8a2"}, @generic={0x89, 0x8, "b3eb22f12305"}, @timestamp={0x44, 0x1c, 0x8, 0x0, 0x0, [0x0, 0xfffffffb, 0x7ff, 0x9, 0x1, 0xfff]}, @generic={0x83, 0xe, "f368dd347d9484d82b6602ce"}]}}}}}) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', r1, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0xc}, {0xac}}, [], {{0x7, 0x1, 0x3, 0x8, 0x9, 0x8004}, {0x4, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000940)={0x60, 0x20, 0x0, 0x0, 0x0, 0x0, 0x10000000}) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) utimes(&(0x7f0000000040)='./file0\x00', &(0x7f0000000180)={{r4, r5/1000+10000}}) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b7020000b96871dfbfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe0000004f850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d62de53a9a53608c10556e5734eb84049761451ce2e2d9f8004e26f7fcc059c06220002595f6dba87b81d1106fb026cce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd6fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f2fcb6d753a78845d8363e0401861abebe428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30810400000000000000d63d716c0975e1ce4a655362e7062ff6ab3934555c01840219829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47911834118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f804924600273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c048d46362ea0d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b10700ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e357e4e90583ce8d43ec65ed491d87a51d7c13f665dcf772e3ead71112008b16b0ea821f70aee1ccbd71c5a1c21e87d5b7b73d356337dbcf3456ff6cd0d6b98a258e3509a7d15b9dcae4d0d750ffa07909c955e718585b2456308beda2fa03bb9bcf03cdff31ee4b1665b987829c0f0872c006c6e4ed666fe23b343aae943923eedbdb0e7abee90e3da7b98b7d07d2d4816201ad1737798635b0a3ebd3aed120e4500c16e6c9dc729f009db49c6b8b19613e4d792cb4ff5106419291d4222980b49ddb9527ce785822"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) pipe(&(0x7f0000000400)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0x437, 0x0, 0x25dfdbfe}, 0x20}}, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = socket(0x10, 0x803, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f00000004c0)={'tunl0\x00', &(0x7f0000000480)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @multicast2}}}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, 0xffffffffffffffff, 0xffffc000) timer_create(0x0, &(0x7f0000000100)={0x0, 0x27, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x13, 0x0, @thr={0x0, 0x0}}, &(0x7f00000002c0)) 1.776856123s ago: executing program 0 (id=2379): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000100)={0x2, 0x0, &(0x7f0000000040)=[0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000180)={&(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000380)={&(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[{}, {}], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0], 0x2, 0x6, 0x2}) r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f0000000340)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) ioctl$DRM_IOCTL_MODE_GETENCODER(r5, 0xc01464a6, &(0x7f0000000140)={r6}) ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000440)={0x7, 0x0, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f00000004c0)={&(0x7f0000000480)=[r2, r3, 0x0, r4, r6, 0x0, r7], 0x7, 0x800}) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) r9 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x2, 0x0, @initdev={0xfe, 0x88, '\x00', 0xff, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r9, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000300)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r8, 0x84, 0x75, &(0x7f0000000080)={r10, 0x2}, 0x8) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080)={0xd5, 0x0, 0xc000000000}) 1.707421157s ago: executing program 1 (id=2380): r0 = landlock_create_ruleset(&(0x7f0000000080)={0x3761}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) (async) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) (async) landlock_restrict_self(r0, 0x0) (async) syz_usb_connect(0x4, 0x210, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a3d173085e040f04cee8010203010902fe0101000000020904b5000ee84ffc0009050e03100006e109072501010604000725018015070009050500400005ff0509050900000207dee107250180970900090507100002020ca3072501030bf9ff09050010ff036002030905040c08000c0a0607250102050104090506"], 0x0) syz_usb_connect$hid(0x4, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100000000e1ffd018009400000000000109022400010000000009040000000300000009210000000122000009051d03"], 0x0) syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902380001000000000904000003"], 0x0) landlock_restrict_self(r0, 0x0) (async) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) (async) r1 = syz_open_procfs(0x0, &(0x7f0000000400)='net/softnet_stat\x00') read$FUSE(r1, &(0x7f0000000f40)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) (async) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000002280)={'vcan0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8936, &(0x7f00000022c0)={@private2, 0x0, r4}) (async) recvmsg$can_bcm(r1, &(0x7f0000000600)={&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000140)=""/12, 0xc}, {&(0x7f0000000180)=""/252, 0xfc}, {&(0x7f0000000280)=""/208, 0xd0}, {&(0x7f0000000380)=""/119, 0x77}, {&(0x7f0000000440)=""/13, 0xd}, {&(0x7f0000000480)=""/78, 0x4e}, {&(0x7f0000000500)=""/62, 0x3e}], 0x7, &(0x7f00000005c0)=""/46, 0x2e}, 0x10000) (async) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000040)={@private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x5, [@dev={0xac, 0x14, 0x14, 0x29}, @rand_addr=0x64010101, @private=0xa010102, @rand_addr=0x64010101, @local]}, 0x24) (async) syz_open_procfs(r2, &(0x7f0000000640)='net/llc/core\x00') (async) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x6060, 0x0) 1.386436693s ago: executing program 2 (id=2381): r0 = socket$unix(0x1, 0x5, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) accept4(r1, 0x0, 0x0, 0x0) r2 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000680)) fchmod(r2, 0x80) close_range(r0, 0xffffffffffffffff, 0x0) 1.324551832s ago: executing program 2 (id=2382): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x30, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x4}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb4}}, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="05000000000000000000532db6df08000300", @ANYRES32=r5], 0x38}, 0x1, 0x0, 0x0, 0x8004}, 0x0) sendmsg$NL80211_CMD_ABORT_SCAN(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x20, r4, 0x2, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x6, 0x3d}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x40040c0) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r3) sendmsg$TIPC_NL_NET_GET(r3, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000440)={0x198, r6, 0x4, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0xac, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3aa6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x100}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x800}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}]}, @TIPC_NLA_LINK={0x90, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xec}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb}]}]}, 0x198}, 0x1, 0x0, 0x0, 0x801}, 0x8000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'lo\x00'}) r7 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002f00)=@newqdisc={0x24, 0x24, 0x800, 0x200000, 0x0, {0x60, 0x0, 0x0, r9, {0xd, 0xd}, {0x5, 0xffe0}, {0xd, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) 1.108223206s ago: executing program 2 (id=2383): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x1}) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344, 0x41424344}, 0x1, 0x0) r3 = io_uring_setup(0x2727, &(0x7f0000000180)={0x0, 0x1bcb, 0x100, 0x3, 0x312}) syz_io_uring_setup(0x433, &(0x7f0000000340)={0x0, 0x2ce8, 0x100, 0x2, 0x19d, 0x0, r3}, &(0x7f0000000080), &(0x7f0000000100)) syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, r2, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x1}}}}}}, 0x0) 971.280164ms ago: executing program 3 (id=2384): r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = syz_open_dev$vim2m(&(0x7f0000000780), 0x93, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000480)={0x5, 0x1, 0x0, "8eb8a828e93b07f1dd06da7a41bfeac48048beb159fbba176fb1de26098c68d9"}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000000)=0x2, 0x4) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x127001, 0x1d9) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x5f, 0x54}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) close(r2) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) write$sysctl(r2, &(0x7f0000000380)='3\x00', 0x2) socket(0x2, 0x5, 0x4) 578.399315ms ago: executing program 2 (id=2385): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x63, 0x25, 0xa6, 0x40, 0x2040, 0x4900, 0x4d8b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x21, 0x4c, 0x6a, 0x0, [], [{{0x9, 0x5, 0x7}}, {{0x9, 0x5, 0x89}}]}}]}}]}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="500000001000090c00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000300012800800010073697400240002800500090035"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_DELCHAIN={0x104, 0x5, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFTA_CHAIN_USERDATA={0x70, 0xc, "d30256c9f842992886587281b268e9ce5ea7c5e6f9bc8cbbdff612bb2aa98e22e065af34e783f194f4a25446936bab84d66a4c2e18349903dfc16b09e2163c3edb35a54a660132359ca2803a50737681a5495a427767b37bbf255228a5fccd7bf128c321fd9d19f73cf6d7c1"}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfa16}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x1}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x21}]}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_CHAIN_COUNTERS={0x28, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x10001}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0x6}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x3fff}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELOBJ={0x124, 0x14, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x5}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_USERDATA={0xfb, 0x8, "c4821a11004717fe0be73e7aa750506fc195abd577c27498bba3015287f6682df867b9126cc09d47decc63d2f42fe36466ea52f7f587243e784c3a656dd4a485641d0d6a9d7eb9978f5f3ce7d85b9914d9baa36920b30d24a2a5fd5633297c06cf61f1c14cbf298e91b61d2a02405d672d8627c003b860b5b972b059b76bbcbed812c5ef7186d16d09a12eb46761b44016a4e9d8348d8fdc47de2ca014d1c22656af14b4a07fcc7752108586c41a11f55b4d52770df0ba3e2ad18a42a4b34ac2ea0bb3fa946dea8fd143aeadbefb685f8ebe9db709320398202cfa51b0320082944ae29ca7bfc567d2a713b53c544903d6a33f7e5ac2ca"}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}]}, @NFT_MSG_NEWSETELEM={0x14, 0x2, 0xa, 0x301, 0x0, 0x0, {0x7}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x264}}, 0x0) 89.572953ms ago: executing program 3 (id=2386): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) msgget$private(0x0, 0x0) msgctl$MSG_STAT_ANY(0x0, 0xd, 0xfffffffffffffffe) socket$inet(0x2, 0x4000000805, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000000)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$can_j1939(0x1d, 0x2, 0x7) creat(0x0, 0x0) r1 = socket(0x8000000010, 0x2, 0x0) r2 = syz_open_dev$video(&(0x7f0000000100), 0x0, 0x0) ioctl$VIDIOC_S_SELECTION(r2, 0xc0405668, &(0x7f0000000000)={0x0, 0x0, 0x7}) write(r1, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9463cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc) socket(0x840000000002, 0x3, 0x100) syz_extract_tcp_res$synack(&(0x7f0000000000)={0x41424344}, 0x1, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000001240)=ANY=[@ANYRES32, @ANYRESDEC, @ANYRES32, @ANYRESOCT=r3, @ANYRESHEX], 0x200}, {0x0, 0x16c}], 0x2}, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000140)={r5}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000008000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 0s ago: executing program 1 (id=2387): r0 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$ITER_CREATE(0x21, &(0x7f0000000140), 0xfffffee1) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r1 = gettid() tkill(r1, 0x11) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ip_mr_vif\x00') preadv(r2, &(0x7f0000000640)=[{&(0x7f00000001c0)=""/234, 0xea}], 0x1, 0x17, 0x1) rt_sigaction(0x10011, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000008c0)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x44840}, 0x800) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000380)=ANY=[@ANYRES32], 0x9c}, 0x1, 0x0, 0x0, 0x8}, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, 0x0, 0xb0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYRESOCT=0x0, @ANYRES8=r3, @ANYRESDEC=0x0, @ANYBLOB="126a10a1b9a0147ab95da29012be6a6ff1a3564f2bb3c8b62e21b7b57a04e14642a3b1e718b136e64cbede1749c40694b72b7c1c635b3b5f11850406e866d37320c95dfd8b28bf7b42da7cbe3365e677d47ff2041d8a7b4e8d9e47e432872eda37f2704e2e34693b2995b150a7b9f3b2c9354c1bac6bd6012d3426fcfbe1f923e116b808196bd86c8ac9a24ed7421a2670e8b8ac75523784ce5bfb0c02fd66", @ANYRES32=r4, @ANYRES32, @ANYRESHEX, @ANYRES64=r2], 0x48}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000000)={{0x1, 0x1, 0x18, r4, {0x3, 0x6}}, './file0\x00'}) unshare(0x28000600) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x0) memfd_create(&(0x7f0000000080)='\xf3e\t\xa9\xff\vty\x01senux\x00', 0x0) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000040)={0x5, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r7, 0x4018aee1, &(0x7f00000006c0)) connect$pppl2tp(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, r6, {0x2, 0x7, @empty}, 0x2, 0x0, 0x4, 0x2}}, 0x2e) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000580)="4d38a7bd4f097109b985035f1d20ae89dcc9d1f994c1cacaa1e0b23a97c58039fafabb9bb084a91a47a8682fcf3cc0d8690e27df56a68729b11de01e39d71494e255acf04204361ce21262d05e89847d31f6f64f7d876bf57e833d6d21fa32122e6057092d5a9ead11d49536191533b4ad4268d732de5030840394b5d4545589a2af6bc39f7d059e388658872362c47f1d90a3705efa930089da4389f4c0571f675fc58065", 0xa5}, {&(0x7f0000000700)="d9cd98df7b87a843c46fc28bbd6987e6a5b9e9f4fb6d58ae6295a6875cdf50e67717aca75ef5864a9bbfb0a3bcac1239ffce10853439d4faddf6d44c6cf7dd514007c881939c7223f45f356d1675b303bdb081ce155a0d3369d9ba250b56ab896d9668be74f4f91b954c35e4b422563b3e314dcf6e5bc6c97b7c39b5cfa1220460cfd574356841aaecb46c74b04a6cb091aeef", 0x93}, {&(0x7f00000007c0)="05e3f8a83ba5d1dc6b80df98aba99d0ce579f97d64b437f3470435f553a26ceb785e46703d33df3f141d9b824d5fb6b47416a8683a9d37e58f8f89de55ed4f369fd6fc25c949c643028d04dc06370bd5985da6e5d2bd0d3a5680320a6066518087424eb4ea6311015133432bddbfe509bc0aeeb320d2967fb1dc1995dcf67004dd4a3855d75ab30000c8ce1cfedb2aa82102cf995f42da0a376bbe0e3de946ae57b2fa1fdbdb1d08d1e9d0896b2c4b2678b51953e7d78891472c721d7e3c148565d6dd38a688931895f37e900ca4cf75dbc4afa6b885b99aa61620d317db83832b693f608d19733d086ad33ca63fc45ffb9d5f57ba7d8dc490d49f", 0xfb}, {&(0x7f00000003c0)="dfdd6bbb64bd58d98526c0ed051d6c6b3099fe63361ad3974b1f15123d2ea21cb25691e9d9169d123e14bd18fdcab61d6c0dcb2b98dd35bd6cd93ad0b84c07f679fe5cdc4577a4fa75a1f4b66ee085dc16005480f435fcdedda899af", 0x5c}], 0x4) sendmmsg$inet6(r0, &(0x7f00000032c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20040400) kernel console output (not intermixed with test programs): sc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1076.353430][T12944] usb 4-1: config 0 descriptor?? [ 1076.390150][T18522] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1076.450614][T18522] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1076.481348][T18329] veth0_macvtap: entered promiscuous mode [ 1076.517371][T18329] veth1_macvtap: entered promiscuous mode [ 1076.558900][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.593811][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.622073][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.648990][T12944] input: syz (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input85 [ 1076.664118][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.685042][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.710517][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.753175][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.802510][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.864021][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.893647][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.928627][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1076.952104][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1076.975550][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.024096][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.071445][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.114233][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.138521][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.169929][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.202703][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1077.216185][T18562] netlink: 'syz.3.2218': attribute type 3 has an invalid length. [ 1077.234087][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.266705][T18329] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1077.415463][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.461180][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.501123][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.552208][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.566505][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.577677][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.590615][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.622723][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.650612][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.672717][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.707098][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.740311][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.765023][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.796495][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.846973][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.874586][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.903305][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.918093][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.940155][T18329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1077.955920][T18329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1077.978556][T18329] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1077.995905][T15200] usb 1-1: USB disconnect, device number 127 [ 1078.021031][T18329] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.050421][T18329] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.085557][T18329] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.102278][T18329] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1078.495944][T12944] usb 4-1: USB disconnect, device number 119 [ 1078.548967][ T8021] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.868176][ T8021] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.056235][ T8021] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.149810][T16157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.186405][T16157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.250109][ T8021] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.399884][ T8023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1079.431996][ T8023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1079.534468][ T5228] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 1079.612442][ T5244] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1079.626074][ T5244] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1079.636675][ T5244] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1079.654200][ T5244] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1079.665020][ T5244] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 1079.672495][ T5244] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1079.737191][ T8021] bridge_slave_1: left allmulticast mode [ 1079.758605][ T8021] bridge_slave_1: left promiscuous mode [ 1079.774574][ T8021] bridge0: port 2(bridge_slave_1) entered disabled state [ 1079.784339][ T5228] usb 4-1: Using ep0 maxpacket: 16 [ 1079.807773][ T8021] bridge_slave_0: left allmulticast mode [ 1079.807984][ T5228] usb 4-1: config 1 interface 0 altsetting 133 bulk endpoint 0x1 has invalid maxpacket 950 [ 1079.839274][ T8021] bridge_slave_0: left promiscuous mode [ 1079.890337][ T5228] usb 4-1: config 1 interface 0 altsetting 133 bulk endpoint 0x82 has invalid maxpacket 32 [ 1079.891006][ T8021] bridge0: port 1(bridge_slave_0) entered disabled state [ 1079.924817][ T5228] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1079.982498][ T5228] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1080.000414][ T5228] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1080.024363][ T5228] usb 4-1: Product: syz [ 1080.034450][ T5228] usb 4-1: Manufacturer: э [ 1080.041873][ T5228] usb 4-1: SerialNumber: syz [ 1080.072492][T18583] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1080.084639][T18583] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1080.424663][T18605] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1080.438149][T18605] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1080.547005][ T5228] usblp 4-1:1.0: usblp0: USB Bidirectional printer dev 120 if 0 alt 133 proto 3 vid 0x0525 pid 0xA4A8 [ 1080.639273][ T5228] usb 4-1: USB disconnect, device number 120 [ 1080.700272][ T5228] usblp0: removed [ 1080.900378][ T25] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 1081.130218][ T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1081.141786][ T25] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1081.165262][ T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1081.205214][ T25] usb 1-1: config 0 descriptor?? [ 1081.216532][ T8021] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1081.229318][ T25] pwc: Askey VC010 type 2 USB webcam detected. [ 1081.251640][ T8021] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1081.269508][ T8021] bond0 (unregistering): Released all slaves [ 1081.726445][ T5233] Bluetooth: hci5: command tx timeout [ 1082.025799][ T5282] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1082.224021][ T5282] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1082.244452][ T5282] usb 2-1: config 0 has no interface number 0 [ 1082.251157][ T5282] usb 2-1: config 0 interface 51 has no altsetting 0 [ 1082.261883][ T5282] usb 2-1: New USB device found, idVendor=0403, idProduct=fad0, bcdDevice=26.a7 [ 1082.273099][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1082.282271][ T5282] usb 2-1: Product: syz [ 1082.292786][ T5282] usb 2-1: Manufacturer: syz [ 1082.298545][ T5282] usb 2-1: SerialNumber: syz [ 1082.321236][ T5282] usb 2-1: config 0 descriptor?? [ 1082.369280][ T8021] hsr_slave_0: left promiscuous mode [ 1082.400280][ T8021] hsr_slave_1: left promiscuous mode [ 1082.425486][ T8021] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1082.446751][ T8021] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1082.468360][ T8021] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1082.490971][ T8021] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1082.550582][ T5282] ftdi_sio 2-1:0.51: FTDI USB Serial Device converter detected [ 1082.564615][ T5243] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1082.582904][ T5282] ftdi_sio ttyUSB0: unknown device type: 0x26a7 [ 1082.609809][ T8021] veth1_macvtap: left promiscuous mode [ 1082.632116][ T8021] veth0_macvtap: left promiscuous mode [ 1082.634122][ T5282] usb 2-1: USB disconnect, device number 105 [ 1082.648103][ T5282] ftdi_sio 2-1:0.51: device disconnected [ 1082.653975][ T8021] veth1_vlan: left promiscuous mode [ 1082.654105][ T8021] veth0_vlan: left promiscuous mode [ 1082.768235][ T5243] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1082.809357][ T5243] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1082.867185][ T5243] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1082.896271][ T5243] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1082.939136][ T5243] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1082.964637][ T5243] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1082.990632][ T5243] usb 4-1: Product: syz [ 1083.007014][ T5243] usb 4-1: Manufacturer: syz [ 1083.037524][ T5243] cdc_wdm 4-1:1.0: skipping garbage [ 1083.065026][ T5243] cdc_wdm 4-1:1.0: skipping garbage [ 1083.085008][ T5243] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 1083.100055][ T5243] cdc_wdm 4-1:1.0: Unknown control protocol [ 1083.172446][ T25] pwc: recv_control_msg error -71 req 02 val 2700 [ 1083.215429][ T25] pwc: recv_control_msg error -71 req 02 val 2c00 [ 1083.236540][ T25] pwc: recv_control_msg error -71 req 04 val 1000 [ 1083.261101][ T25] pwc: recv_control_msg error -71 req 04 val 1300 [ 1083.285746][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.292403][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.298738][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.305350][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.311601][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.318197][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.324437][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.331020][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.337386][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.344004][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.350285][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.356894][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.363181][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.369787][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.376036][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.382619][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.388868][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.395477][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.401738][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 1083.408368][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 1083.420206][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 1083.428938][ T5283] usb 4-1: USB disconnect, device number 121 [ 1083.451665][ T25] pwc: recv_control_msg error -71 req 04 val 1400 [ 1083.465655][ T25] pwc: recv_control_msg error -71 req 02 val 2000 [ 1083.479022][ T25] pwc: recv_control_msg error -71 req 02 val 2100 [ 1083.496485][ T25] pwc: recv_control_msg error -71 req 04 val 1500 [ 1083.521387][ T25] pwc: recv_control_msg error -71 req 02 val 2500 [ 1083.537592][ T25] pwc: recv_control_msg error -71 req 02 val 2400 [ 1083.573864][ T25] pwc: recv_control_msg error -71 req 02 val 2600 [ 1083.594866][ T25] pwc: recv_control_msg error -71 req 02 val 2900 [ 1083.609631][ T25] pwc: recv_control_msg error -71 req 02 val 2800 [ 1083.631527][ T25] pwc: recv_control_msg error -71 req 04 val 1100 [ 1083.659572][ T25] pwc: recv_control_msg error -71 req 04 val 1200 [ 1083.685020][ T25] pwc: Registered as video71. [ 1083.692892][ T25] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input87 [ 1083.752926][ T25] usb 1-1: USB disconnect, device number 2 [ 1083.811703][ T5233] Bluetooth: hci5: command tx timeout [ 1084.074477][T18652] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2241'. [ 1084.901426][ T8021] team0 (unregistering): Port device team_slave_1 removed [ 1085.002592][ T8021] team0 (unregistering): Port device team_slave_0 removed [ 1085.883966][ T5233] Bluetooth: hci5: command tx timeout [ 1086.234028][T18655] syz.3.2242: vmalloc error: size 3874816, failed to allocated page array size 7568, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 1086.342964][T18655] CPU: 1 UID: 0 PID: 18655 Comm: syz.3.2242 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1086.353800][T18655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1086.363881][T18655] Call Trace: [ 1086.367186][T18655] [ 1086.370141][T18655] dump_stack_lvl+0x241/0x360 [ 1086.374850][T18655] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1086.380076][T18655] ? __pfx__printk+0x10/0x10 [ 1086.384693][T18655] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 1086.391131][T18655] ? cpuset_print_current_mems_allowed+0x31e/0x350 [ 1086.397663][T18655] warn_alloc+0x278/0x410 [ 1086.402031][T18655] ? __pfx_warn_alloc+0x10/0x10 [ 1086.406919][T18655] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 1086.413143][T18655] ? __get_vm_area_node+0x23d/0x270 [ 1086.418561][T18655] __vmalloc_node_range_noprof+0x6a2/0x1400 [ 1086.424104][T18663] FAULT_INJECTION: forcing a failure. [ 1086.424104][T18663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1086.424484][T18655] ? __kmalloc_cache_node_noprof+0x1d3/0x300 [ 1086.443466][T18655] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1086.449832][T18655] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 1086.456025][T18655] ? __get_vm_area_node+0x23d/0x270 [ 1086.461269][T18655] __vmalloc_node_range_noprof+0x5bc/0x1400 [ 1086.467199][T18655] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 1086.473399][T18655] ? __mutex_trylock_common+0x183/0x2e0 [ 1086.478995][T18655] ? rcu_is_watching+0x15/0xb0 [ 1086.483791][T18655] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1086.490144][T18655] ? rcu_is_watching+0x15/0xb0 [ 1086.494939][T18655] ? trace_kmalloc+0x1f/0xd0 [ 1086.499547][T18655] ? __kmalloc_node_noprof+0x247/0x440 [ 1086.505028][T18655] ? __kvmalloc_node_noprof+0x72/0x190 [ 1086.510523][T18655] __kvmalloc_node_noprof+0x142/0x190 [ 1086.515926][T18655] ? __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 1086.522103][T18655] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 1086.528110][T18655] ? tpg_update_mv_step+0x361/0x4f0 [ 1086.533329][T18655] vivid_update_format_cap+0x133c/0x2090 [ 1086.538999][T18655] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 1086.545024][T18655] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 1086.550883][T18655] __video_do_ioctl+0xc26/0xde0 [ 1086.555779][T18655] ? __pfx___video_do_ioctl+0x10/0x10 [ 1086.561182][T18655] ? __might_fault+0xc6/0x120 [ 1086.565899][T18655] video_usercopy+0x89b/0x1180 [ 1086.570695][T18655] ? __pfx___video_do_ioctl+0x10/0x10 [ 1086.576078][T18655] ? __pfx_video_usercopy+0x10/0x10 [ 1086.581270][T18655] ? __fget_files+0x29/0x470 [ 1086.585886][T18655] ? __fget_files+0x3f6/0x470 [ 1086.590585][T18655] ? __fget_files+0x29/0x470 [ 1086.595177][T18655] v4l2_ioctl+0x18c/0x1e0 [ 1086.599497][T18655] ? __pfx_v4l2_ioctl+0x10/0x10 [ 1086.604335][T18655] __se_sys_ioctl+0xfc/0x170 [ 1086.608916][T18655] do_syscall_64+0xf3/0x230 [ 1086.613421][T18655] ? clear_bhb_loop+0x35/0x90 [ 1086.618115][T18655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.624010][T18655] RIP: 0033:0x7f9b5c57def9 [ 1086.628423][T18655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1086.648028][T18655] RSP: 002b:00007f9b5d2e9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1086.656445][T18655] RAX: ffffffffffffffda RBX: 00007f9b5c735f80 RCX: 00007f9b5c57def9 [ 1086.664411][T18655] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000003 [ 1086.672374][T18655] RBP: 00007f9b5c5f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 1086.680345][T18655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1086.688312][T18655] R13: 0000000000000000 R14: 00007f9b5c735f80 R15: 00007f9b5c85fa28 [ 1086.696301][T18655] [ 1086.738240][T18589] chnl_net:caif_netlink_parms(): no params data found [ 1086.746890][T18663] CPU: 0 UID: 0 PID: 18663 Comm: syz.0.2245 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1086.757687][T18663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1086.767766][T18663] Call Trace: [ 1086.771068][T18663] [ 1086.773476][T18655] Mem-Info: [ 1086.773996][T18663] dump_stack_lvl+0x241/0x360 [ 1086.774028][T18663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1086.774048][T18663] ? __pfx__printk+0x10/0x10 [ 1086.774072][T18663] ? snprintf+0xda/0x120 [ 1086.774097][T18663] should_fail_ex+0x3b0/0x4e0 [ 1086.774121][T18663] _copy_to_user+0x2f/0xb0 [ 1086.777333][T18655] active_anon:6608 inactive_anon:0 isolated_anon:0 [ 1086.777333][T18655] active_file:16837 inactive_file:38839 isolated_file:0 [ 1086.777333][T18655] unevictable:768 dirty:101 writeback:0 [ 1086.777333][T18655] slab_reclaimable:6185 slab_unreclaimable:114394 [ 1086.777333][T18655] mapped:26324 shmem:1237 pagetables:860 [ 1086.777333][T18655] sec_pagetables:0 bounce:0 [ 1086.777333][T18655] kernel_misc_reclaimable:0 [ 1086.777333][T18655] free:1252811 free_pcp:3308 free_cma:0 [ 1086.781980][T18663] simple_read_from_buffer+0xca/0x150 [ 1086.787889][T18655] Node 0 active_anon:26432kB inactive_anon:0kB active_file:67348kB inactive_file:155280kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105296kB dirty:404kB writeback:0kB shmem:3412kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11004kB pagetables:3440kB sec_pagetables:0kB all_unreclaimable? no [ 1086.791826][T18663] proc_fail_nth_read+0x1ec/0x260 [ 1086.796176][T18655] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1086.800688][T18663] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1086.800717][T18663] ? rw_verify_area+0x520/0x6b0 [ 1086.806572][T18655] Node 0 [ 1086.850210][T18663] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1086.850254][T18663] vfs_read+0x204/0xbc0 [ 1086.850276][T18663] ? __pfx_lock_release+0x10/0x10 [ 1086.850301][T18663] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1086.850322][T18663] ? __pfx_vfs_read+0x10/0x10 [ 1086.850342][T18663] ? __fget_files+0x29/0x470 [ 1086.850365][T18663] ? __fget_files+0x3f6/0x470 [ 1086.850399][T18663] ksys_read+0x1a0/0x2c0 [ 1086.850426][T18663] ? __pfx_ksys_read+0x10/0x10 [ 1086.850448][T18663] ? do_syscall_64+0x100/0x230 [ 1086.850473][T18663] ? do_syscall_64+0xb6/0x230 [ 1086.850496][T18663] do_syscall_64+0xf3/0x230 [ 1086.850516][T18663] ? clear_bhb_loop+0x35/0x90 [ 1086.850544][T18663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1086.850567][T18663] RIP: 0033:0x7fedcab7c93c [ 1086.850588][T18663] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1086.850604][T18663] RSP: 002b:00007fedcb957030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1086.850628][T18663] RAX: ffffffffffffffda RBX: 00007fedcad35f80 RCX: 00007fedcab7c93c [ 1086.850644][T18663] RDX: 000000000000000f RSI: 00007fedcb9570a0 RDI: 0000000000000003 [ 1086.850658][T18663] RBP: 00007fedcb957090 R08: 0000000000000000 R09: 0000000000000000 [ 1086.850671][T18663] R10: 000000000000003a R11: 0000000000000246 R12: 0000000000000001 [ 1086.850684][T18663] R13: 0000000000000001 R14: 00007fedcad35f80 R15: 00007fedcae5fa28 [ 1086.850715][T18663] [ 1087.155301][T18670] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2244'. [ 1087.202062][T18655] DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1087.299201][T18655] lowmem_reserve[]: 0 2467 2468 0 0 [ 1087.307778][T18655] Node 0 DMA32 free:1056856kB boost:0kB min:34228kB low:42784kB high:51340kB reserved_highatomic:0KB active_anon:26436kB inactive_anon:0kB active_file:67348kB inactive_file:154472kB unevictable:1536kB writepending:416kB present:3129332kB managed:2554984kB mlocked:0kB bounce:0kB free_pcp:2628kB local_pcp:1164kB free_cma:0kB [ 1087.358532][T18655] lowmem_reserve[]: 0 0 0 0 0 [ 1087.366873][T18655] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:816kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 1087.424226][T18655] lowmem_reserve[]: 0 0 0 0 0 [ 1087.443133][T18655] Node 1 Normal free:3938900kB boost:0kB min:55660kB low:69572kB high:83484kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:76kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:10460kB local_pcp:6504kB free_cma:0kB [ 1087.476739][T18655] lowmem_reserve[]: 0 0 0 0 0 [ 1087.482180][T18655] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1087.550940][T18655] Node 0 DMA32: 309*4kB (UME) 341*8kB (UME) 457*16kB (UME) 501*32kB (UME) 322*64kB (ME) 64*128kB (UME) 30*256kB (ME) 23*512kB (UME) 9*1024kB (UME) 2*2048kB (U) 237*4096kB (M) = 1059628kB [ 1087.571866][T18589] bridge0: port 1(bridge_slave_0) entered blocking state [ 1087.595472][T18655] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 1087.608264][T18589] bridge0: port 1(bridge_slave_0) entered disabled state [ 1087.644128][T18589] bridge_slave_0: entered allmulticast mode [ 1087.668478][T18589] bridge_slave_0: entered promiscuous mode [ 1087.684086][T18655] Node 1 Normal: 5*4kB (UM) 15*8kB (UM) 15*16kB (UM) 16*32kB (UM) 9*64kB (UM) 6*128kB (UM) 4*256kB (U) 5*512kB (U) 3*1024kB (U) 3*2048kB (UM) 958*4096kB (M) = 3939004kB [ 1087.732654][T18589] bridge0: port 2(bridge_slave_1) entered blocking state [ 1087.779994][T18589] bridge0: port 2(bridge_slave_1) entered disabled state [ 1087.809206][T18589] bridge_slave_1: entered allmulticast mode [ 1087.823954][T18655] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1087.846410][T18589] bridge_slave_1: entered promiscuous mode [ 1087.904385][T18655] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1087.966597][ T5233] Bluetooth: hci5: command tx timeout [ 1088.000889][T18655] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1088.021748][T18655] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1088.049667][T18589] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1088.059699][T18655] 56920 total pagecache pages [ 1088.067269][T18655] 0 pages in swap cache [ 1088.072854][T18655] Free swap = 124428kB [ 1088.079872][T18655] Total swap = 124996kB [ 1088.084344][T18655] 2097051 pages RAM [ 1088.088325][T18655] 0 pages HighMem/MovableOnly [ 1088.109533][T18589] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1088.124925][T18655] 426967 pages reserved [ 1088.158272][T18655] 0 pages cma reserved [ 1088.349635][T18589] team0: Port device team_slave_0 added [ 1088.430757][T18589] team0: Port device team_slave_1 added [ 1088.600788][T18589] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1088.611552][T18589] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1088.689144][T18589] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1088.777017][T18589] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1088.805645][T18589] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1088.831593][ C1] vkms_vblank_simulate: vblank timer overrun [ 1088.838899][T18589] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1089.056496][T18589] hsr_slave_0: entered promiscuous mode [ 1089.098877][T18589] hsr_slave_1: entered promiscuous mode [ 1089.571079][T18724] block device autoloading is deprecated and will be removed. [ 1089.587449][T18724] syz.0.2255: attempt to access beyond end of device [ 1089.587449][T18724] loop41: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1089.641961][T18727] IPv6: Can't replace route, no match found [ 1089.723937][ T29] audit: type=1326 audit(1726235435.854:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18732 comm="syz.2.2258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8057def9 code=0x7ffc0000 [ 1089.833100][ T29] audit: type=1326 audit(1726235435.854:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18732 comm="syz.2.2258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8057def9 code=0x7ffc0000 [ 1089.916272][ T29] audit: type=1326 audit(1726235435.874:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18732 comm="syz.2.2258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7eff8057def9 code=0x7ffc0000 [ 1090.014187][ T29] audit: type=1326 audit(1726235435.874:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18732 comm="syz.2.2258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8057def9 code=0x7ffc0000 [ 1090.072947][ T29] audit: type=1326 audit(1726235435.874:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18732 comm="syz.2.2258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7eff8057def9 code=0x7ffc0000 [ 1090.095257][ C1] vkms_vblank_simulate: vblank timer overrun [ 1090.185291][ T29] audit: type=1326 audit(1726235435.904:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18732 comm="syz.2.2258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7eff8057def9 code=0x7ffc0000 [ 1090.323331][T18743] bridge0: port 1(bridge_slave_0) entered disabled state [ 1090.404123][ T5283] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1090.615375][ T5283] usb 3-1: Using ep0 maxpacket: 32 [ 1090.622773][ T5283] usb 3-1: config 0 has an invalid interface number: 223 but max is 0 [ 1090.631926][ T5283] usb 3-1: config 0 has no interface number 0 [ 1090.659280][ T5283] usb 3-1: New USB device found, idVendor=0471, idProduct=0602, bcdDevice=10.fe [ 1090.678031][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1090.695455][ T5283] usb 3-1: Product: syz [ 1090.734066][ T5283] usb 3-1: Manufacturer: syz [ 1090.744581][ T5283] usb 3-1: SerialNumber: syz [ 1090.756799][ T5283] usb 3-1: config 0 descriptor?? [ 1090.915350][ T5282] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1091.003632][T18743] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2259'. [ 1091.019233][T18589] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1091.061788][T18589] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1091.078962][T18743] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1091.109788][T18743] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1091.112996][T18589] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1091.130416][ T5282] usb 2-1: Using ep0 maxpacket: 16 [ 1091.154107][ T5282] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83 [ 1091.183961][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1091.218166][T18589] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1091.248434][ T5282] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 0 [ 1091.283935][T18743] netlink: 'syz.2.2259': attribute type 10 has an invalid length. [ 1091.295035][ T5282] usb 2-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 1091.311740][T18743] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1091.346648][ T5282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1091.368312][ T5282] usb 2-1: Product: syz [ 1091.382237][ T5282] usb 2-1: Manufacturer: syz [ 1091.396939][ T5282] usb 2-1: SerialNumber: syz [ 1091.429008][ T5282] usb 2-1: config 0 descriptor?? [ 1091.456216][ T5282] hub 2-1:0.0: bad descriptor, ignoring hub [ 1091.480548][ T5282] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1091.512357][ T5243] usb 3-1: USB disconnect, device number 82 [ 1091.522947][ T5282] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1091.747745][ T5282] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 1091.796981][T18589] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1091.882757][T18589] 8021q: adding VLAN 0 to HW filter on device team0 [ 1091.982677][ T61] bridge0: port 1(bridge_slave_0) entered blocking state [ 1091.989889][ T61] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1092.020222][T18767] udevd[18767]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1092.067810][T18750] kvm_intel: kvm [18749]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x1f800000095 [ 1092.091470][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state [ 1092.098699][ T8023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1092.148879][T18750] kvm_intel: kvm [18749]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x2400000009b [ 1092.372487][T18589] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1092.456635][T18589] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1092.589944][T18589] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1092.614889][T18776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2264'. [ 1092.686452][T18776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2264'. [ 1092.724316][T18776] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2264'. [ 1092.773042][T18589] veth0_vlan: entered promiscuous mode [ 1092.835186][T18776] syzkaller1: entered promiscuous mode [ 1092.865747][T18776] syzkaller1: entered allmulticast mode [ 1092.905049][T18589] veth1_vlan: entered promiscuous mode [ 1093.179134][T18589] veth0_macvtap: entered promiscuous mode [ 1093.241003][T18589] veth1_macvtap: entered promiscuous mode [ 1093.348253][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1093.386213][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1093.436575][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1093.476584][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1093.516686][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1093.535908][T18794] FAULT_INJECTION: forcing a failure. [ 1093.535908][T18794] name failslab, interval 1, probability 0, space 0, times 0 [ 1093.564578][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1093.610772][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1093.644019][T18794] CPU: 1 UID: 0 PID: 18794 Comm: syz.0.2266 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1093.654837][T18794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1093.664913][T18794] Call Trace: [ 1093.666042][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1093.668196][T18794] [ 1093.668210][T18794] dump_stack_lvl+0x241/0x360 [ 1093.685629][T18794] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1093.690854][T18794] ? __pfx__printk+0x10/0x10 [ 1093.695470][T18794] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 1093.700962][T18794] ? __pfx___might_resched+0x10/0x10 [ 1093.706283][T18794] should_fail_ex+0x3b0/0x4e0 [ 1093.710986][T18794] should_failslab+0xac/0x100 [ 1093.715702][T18794] ? iommufd_ioas_allow_iovas+0x2ae/0x5b0 [ 1093.721436][T18794] __kmalloc_cache_noprof+0x6c/0x2c0 [ 1093.726726][T18794] iommufd_ioas_allow_iovas+0x2ae/0x5b0 [ 1093.732269][T18794] ? __might_fault+0xaa/0x120 [ 1093.736966][T18794] ? __pfx_iommufd_ioas_allow_iovas+0x10/0x10 [ 1093.743051][T18794] ? __might_fault+0xc6/0x120 [ 1093.747746][T18794] iommufd_fops_ioctl+0x4d9/0x5a0 [ 1093.752803][T18794] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 1093.758366][T18794] ? bpf_lsm_file_ioctl+0x9/0x10 [ 1093.763306][T18794] ? security_file_ioctl+0x87/0xb0 [ 1093.768420][T18794] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 1093.773964][T18794] __se_sys_ioctl+0xfc/0x170 [ 1093.778555][T18794] do_syscall_64+0xf3/0x230 [ 1093.783094][T18794] ? clear_bhb_loop+0x35/0x90 [ 1093.787779][T18794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.793690][T18794] RIP: 0033:0x7fedcab7def9 [ 1093.798105][T18794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1093.817714][T18794] RSP: 002b:00007fedcb957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1093.826127][T18794] RAX: ffffffffffffffda RBX: 00007fedcad35f80 RCX: 00007fedcab7def9 [ 1093.834091][T18794] RDX: 0000000020000280 RSI: 0000000000003b82 RDI: 0000000000000003 [ 1093.842053][T18794] RBP: 00007fedcb957090 R08: 0000000000000000 R09: 0000000000000000 [ 1093.850014][T18794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1093.857977][T18794] R13: 0000000000000000 R14: 00007fedcad35f80 R15: 00007fedcae5fa28 [ 1093.865952][T18794] [ 1093.869080][ C1] vkms_vblank_simulate: vblank timer overrun [ 1093.942383][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1093.970800][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1093.997576][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1094.013571][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.038383][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1094.066579][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.097233][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1094.145588][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.179103][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1094.215732][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.234420][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1094.253856][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.289837][T18589] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1094.318494][T18787] netlink: 14601 bytes leftover after parsing attributes in process `syz.2.2265'. [ 1094.429456][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1094.464164][ T5282] usb 2-1: USB disconnect, device number 106 [ 1094.504544][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.579542][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1094.626134][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.667721][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1094.697372][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.720656][ T29] audit: type=1800 audit(1726235440.844:79): pid=18812 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2268" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1094.741155][ C1] vkms_vblank_simulate: vblank timer overrun [ 1094.764980][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1094.811562][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.854158][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1094.909708][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1094.970363][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.028013][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.076426][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.123031][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.157858][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.190457][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.231106][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.270398][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.301498][T18589] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1095.339597][T18589] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1095.437732][T18589] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1095.446742][ T5244] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1095.470546][ T5244] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1095.483934][ T5244] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1095.499273][ T5244] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1095.518145][ T5244] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 1095.534814][ T5244] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1095.620194][T18589] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.681498][T18589] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.718530][T18589] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.776374][T18589] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1095.869881][T18836] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2274'. [ 1095.886768][T18838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2274'. [ 1096.030682][T18838] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2274'. [ 1096.149463][T18836] syzkaller1: entered promiscuous mode [ 1096.182727][T18836] syzkaller1: entered allmulticast mode [ 1096.588626][ T8021] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1096.618260][ T8021] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1096.902052][ T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1096.966645][ T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1097.185696][T18833] chnl_net:caif_netlink_parms(): no params data found [ 1097.644971][ T5244] Bluetooth: hci6: command tx timeout [ 1097.715330][T18833] bridge0: port 1(bridge_slave_0) entered blocking state [ 1097.722508][T18833] bridge0: port 1(bridge_slave_0) entered disabled state [ 1097.764915][T18833] bridge_slave_0: entered allmulticast mode [ 1097.802461][T18833] bridge_slave_0: entered promiscuous mode [ 1097.832518][T18833] bridge0: port 2(bridge_slave_1) entered blocking state [ 1097.852654][T18833] bridge0: port 2(bridge_slave_1) entered disabled state [ 1097.884183][T18833] bridge_slave_1: entered allmulticast mode [ 1097.915798][T18833] bridge_slave_1: entered promiscuous mode [ 1098.068416][T18833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1098.116902][T18908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2286'. [ 1098.209078][T18833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1098.403044][T18908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2286'. [ 1098.432381][T18908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2286'. [ 1098.690458][T18833] team0: Port device team_slave_0 added [ 1098.746555][T18916] syzkaller1: entered promiscuous mode [ 1098.794311][T18916] syzkaller1: entered allmulticast mode [ 1098.852439][T18833] team0: Port device team_slave_1 added [ 1099.037500][T18833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1099.072415][T18833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1099.098357][ C1] vkms_vblank_simulate: vblank timer overrun [ 1099.214378][ T25] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1099.246668][T18833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1099.277737][T18833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1099.303197][T18833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1099.329245][ C1] vkms_vblank_simulate: vblank timer overrun [ 1099.384308][T18833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1099.454356][ T25] usb 5-1: Using ep0 maxpacket: 8 [ 1099.461393][ T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1099.475270][ T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1099.504475][ T5282] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1099.531893][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 1099.541297][T18946] FAULT_INJECTION: forcing a failure. [ 1099.541297][T18946] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.553911][ T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 1099.594382][ T25] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 1099.603475][ T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1099.603882][T18946] CPU: 0 UID: 0 PID: 18946 Comm: syz.1.2294 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1099.622223][T18946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1099.622938][ T25] hub 5-1:1.0: bad descriptor, ignoring hub [ 1099.632275][T18946] Call Trace: [ 1099.632291][T18946] [ 1099.632302][T18946] dump_stack_lvl+0x241/0x360 [ 1099.632331][T18946] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1099.632350][T18946] ? __pfx__printk+0x10/0x10 [ 1099.632375][T18946] ? ref_tracker_alloc+0x332/0x490 [ 1099.632402][T18946] should_fail_ex+0x3b0/0x4e0 [ 1099.632426][T18946] ? skb_clone+0x20c/0x390 [ 1099.632450][T18946] should_failslab+0xac/0x100 [ 1099.632478][T18946] ? skb_clone+0x20c/0x390 [ 1099.632501][T18946] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1099.632528][T18946] skb_clone+0x20c/0x390 [ 1099.632556][T18946] __netlink_deliver_tap+0x3cc/0x7c0 [ 1099.632595][T18946] ? netlink_deliver_tap+0x2e/0x1b0 [ 1099.632614][T18946] netlink_deliver_tap+0x19d/0x1b0 [ 1099.632637][T18946] __netlink_sendskb+0x60/0xd0 [ 1099.632665][T18946] netlink_dump+0x97d/0xd80 [ 1099.632698][T18946] ? __pfx_netlink_dump+0x10/0x10 [ 1099.632715][T18946] ? ip_set_dump_start+0x36f/0x530 [ 1099.632768][T18946] __netlink_dump_start+0x5a2/0x790 [ 1099.632806][T18946] ip_set_dump+0x16d/0x1f0 [ 1099.632824][T18946] ? nfnetlink_rcv_msg+0xa5c/0x1180 [ 1099.632844][T18946] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1099.632865][T18946] ? __pfx_ip_set_dump+0x10/0x10 [ 1099.632881][T18946] ? __pfx_ip_set_dump_start+0x10/0x10 [ 1099.643107][ T25] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1099.644954][T18946] ? __pfx_ip_set_dump_do+0x10/0x10 [ 1099.644979][T18946] ? __pfx_ip_set_dump_done+0x10/0x10 [ 1099.645010][T18946] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1099.645032][T18946] nfnetlink_rcv_msg+0xbec/0x1180 [ 1099.645051][T18946] ? kernel_text_address+0xa7/0xe0 [ 1099.645072][T18946] ? nfnetlink_rcv_msg+0x225/0x1180 [ 1099.645113][T18946] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1099.645163][T18946] ? netlink_deliver_tap+0x19d/0x1b0 [ 1099.645182][T18946] ? netlink_unicast+0x7c4/0x990 [ 1099.645205][T18946] ? netlink_sendmsg+0x8e4/0xcb0 [ 1099.645223][T18946] ? __sock_sendmsg+0x221/0x270 [ 1099.645248][T18946] ? ____sys_sendmsg+0x525/0x7d0 [ 1099.645267][T18946] ? __sys_sendmsg+0x2b0/0x3a0 [ 1099.645288][T18946] ? do_syscall_64+0xf3/0x230 [ 1099.645307][T18946] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.645349][T18946] netlink_rcv_skb+0x1e3/0x430 [ 1099.645370][T18946] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1099.645393][T18946] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1099.645423][T18946] ? apparmor_capable+0x13b/0x1b0 [ 1099.645451][T18946] ? bpf_lsm_capable+0x9/0x10 [ 1099.645469][T18946] ? security_capable+0x90/0xb0 [ 1099.645501][T18946] nfnetlink_rcv+0x297/0x2ad0 [ 1099.645527][T18946] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1099.645559][T18946] ? __dev_queue_xmit+0x2da/0x3e90 [ 1099.645592][T18946] ? __dev_queue_xmit+0x1763/0x3e90 [ 1099.645613][T18946] ? kasan_save_track+0x51/0x80 [ 1099.645645][T18946] ? do_syscall_64+0xf3/0x230 [ 1099.645667][T18946] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1099.645685][T18946] ? __dev_queue_xmit+0x2da/0x3e90 [ 1099.645709][T18946] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1099.645751][T18946] ? ref_tracker_free+0x643/0x7e0 [ 1099.645773][T18946] ? __asan_memcpy+0x40/0x70 [ 1099.645795][T18946] ? __pfx_ref_tracker_free+0x10/0x10 [ 1099.645832][T18946] ? netlink_deliver_tap+0x2e/0x1b0 [ 1099.645851][T18946] ? skb_clone+0x240/0x390 [ 1099.645876][T18946] ? __pfx_lock_release+0x10/0x10 [ 1099.645901][T18946] ? __netlink_deliver_tap+0x77e/0x7c0 [ 1099.645934][T18946] ? netlink_deliver_tap+0x2e/0x1b0 [ 1099.645958][T18946] netlink_unicast+0x7f6/0x990 [ 1099.645992][T18946] ? __pfx_netlink_unicast+0x10/0x10 [ 1099.646014][T18946] ? __virt_addr_valid+0x183/0x530 [ 1099.646037][T18946] ? __check_object_size+0x49c/0x900 [ 1099.646061][T18946] ? bpf_lsm_netlink_send+0x9/0x10 [ 1099.646085][T18946] netlink_sendmsg+0x8e4/0xcb0 [ 1099.656438][ T25] cdc_wdm 5-1:1.0: skipping garbage [ 1099.660522][T18946] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1099.660555][T18946] ? __import_iovec+0x536/0x820 [ 1099.666314][ T25] cdc_wdm 5-1:1.0: skipping garbage [ 1099.670295][T18946] ? aa_sock_msg_perm+0x91/0x160 [ 1099.677258][ T25] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1099.679349][T18946] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1099.683745][ T25] cdc_wdm 5-1:1.0: Unknown control protocol [ 1099.693323][T18946] ? security_socket_sendmsg+0x87/0xb0 [ 1099.693359][T18946] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1099.703901][ T5282] usb 1-1: Using ep0 maxpacket: 8 [ 1099.708977][T18946] __sock_sendmsg+0x221/0x270 [ 1099.709018][T18946] ____sys_sendmsg+0x525/0x7d0 [ 1099.727262][ T5282] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 1099.728374][T18946] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1099.733547][ T5282] usb 1-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config [ 1099.737956][T18946] __sys_sendmsg+0x2b0/0x3a0 [ 1099.737990][T18946] ? __pfx___sys_sendmsg+0x10/0x10 [ 1099.738010][T18946] ? vfs_write+0x7c4/0xc90 [ 1099.738074][T18946] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1099.738102][T18946] ? do_syscall_64+0x100/0x230 [ 1099.738126][T18946] ? do_syscall_64+0xb6/0x230 [ 1099.738149][T18946] do_syscall_64+0xf3/0x230 [ 1099.738169][T18946] ? clear_bhb_loop+0x35/0x90 [ 1099.745279][ T5282] usb 1-1: config 0 has no interface number 0 [ 1099.748526][T18946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1099.753474][ T5282] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xA2, changing to 0x82 [ 1099.758879][T18946] RIP: 0033:0x7feef6b7def9 [ 1099.758904][T18946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1099.758919][T18946] RSP: 002b:00007feef7a3b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1099.758938][T18946] RAX: ffffffffffffffda RBX: 00007feef6d35f80 RCX: 00007feef6b7def9 [ 1099.758952][T18946] RDX: 0000000000040000 RSI: 0000000020000200 RDI: 0000000000000003 [ 1099.758964][T18946] RBP: 00007feef7a3b090 R08: 0000000000000000 R09: 0000000000000000 [ 1099.758977][T18946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1099.758988][T18946] R13: 0000000000000000 R14: 00007feef6d35f80 R15: 00007feef6e5fa28 [ 1099.759017][T18946] [ 1099.850955][ T5244] Bluetooth: hci6: command tx timeout [ 1100.250252][T18833] hsr_slave_0: entered promiscuous mode [ 1100.318130][T18833] hsr_slave_1: entered promiscuous mode [ 1100.390074][T18833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1100.414008][T18833] Cannot create hsr debugfs directory [ 1100.483857][ T5282] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has an invalid bInterval 231, changing to 11 [ 1100.562422][ T5282] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has invalid maxpacket 25303, setting to 1024 [ 1100.664416][ T5282] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1100.764710][ T5282] usb 1-1: config 0 interface 52 has no altsetting 0 [ 1100.793619][ T5282] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 1100.806778][ T5282] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 1100.829286][ T1111] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1100.866403][T18935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1100.867535][ T5282] usb 1-1: Product: syz [ 1100.944691][T18935] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1100.985271][ T5282] usb 1-1: SerialNumber: syz [ 1101.013274][ T5282] usb 1-1: config 0 descriptor?? [ 1101.137136][ T1111] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.232626][ T5282] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input88 [ 1101.329552][ T1111] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.672475][ T1111] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1101.800336][T18958] netlink: 'syz.0.2292': attribute type 3 has an invalid length. [ 1102.275340][T12944] usb 5-1: USB disconnect, device number 85 [ 1102.286705][ T5244] Bluetooth: hci6: command tx timeout [ 1102.444842][ T1111] bridge_slave_1: left allmulticast mode [ 1102.458601][ T1111] bridge_slave_1: left promiscuous mode [ 1102.477272][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state [ 1102.500824][ T1111] bridge_slave_0: left allmulticast mode [ 1102.529315][ T1111] bridge_slave_0: left promiscuous mode [ 1102.539506][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state [ 1102.886279][T12944] usb 1-1: USB disconnect, device number 3 [ 1103.359407][T12944] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1103.427914][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1103.442412][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1103.457770][ T1111] bond0 (unregistering): Released all slaves [ 1103.547147][T12944] usb 1-1: Using ep0 maxpacket: 8 [ 1103.580574][T18973] netlink: 4272 bytes leftover after parsing attributes in process `syz.0.2303'. [ 1103.599931][T12944] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1103.632256][T18970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2302'. [ 1103.642693][T12944] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 1103.654206][T12944] usb 1-1: can't read configurations, error -71 [ 1103.666355][T18971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2302'. [ 1103.689880][T18975] syzkaller1: entered promiscuous mode [ 1103.697623][T18975] syzkaller1: entered allmulticast mode [ 1103.976475][T18971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2302'. [ 1104.363985][ T5244] Bluetooth: hci6: command tx timeout [ 1104.522782][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1104.557842][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1104.632701][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1104.674279][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1104.769602][ T1111] veth1_macvtap: left promiscuous mode [ 1104.796408][ T1111] veth0_macvtap: left promiscuous mode [ 1104.802095][ T1111] veth1_vlan: left promiscuous mode [ 1104.844929][ T1111] veth0_vlan: left promiscuous mode [ 1105.030257][ T5233] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1105.041743][ T5233] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1105.052801][ T5233] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1105.063249][ T5233] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1105.073289][ T5233] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1105.081049][ T5233] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1106.300936][ T1111] team0 (unregistering): Port device team_slave_1 removed [ 1106.402785][ T1111] team0 (unregistering): Port device team_slave_0 removed [ 1107.170659][ T5244] Bluetooth: hci2: command tx timeout [ 1107.184388][T15200] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1107.309120][T19022] program syz.0.2314 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1107.403068][T15200] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1107.418570][T15200] usb 2-1: config 203 has an invalid interface number: 59 but max is 0 [ 1107.454460][T15200] usb 2-1: config 203 has no interface number 0 [ 1107.471043][T15200] usb 2-1: config 203 interface 59 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 1107.492544][T15200] usb 2-1: config 203 interface 59 altsetting 3 has a duplicate endpoint with address 0xC, skipping [ 1107.524157][T15200] usb 2-1: config 203 interface 59 altsetting 3 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 1107.535616][T19022] FAULT_INJECTION: forcing a failure. [ 1107.535616][T19022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1107.559984][T15200] usb 2-1: config 203 interface 59 altsetting 3 bulk endpoint 0xB has invalid maxpacket 32 [ 1107.571542][T19022] CPU: 1 UID: 0 PID: 19022 Comm: syz.0.2314 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1107.582349][T19022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1107.592419][T19022] Call Trace: [ 1107.595696][T19022] [ 1107.598619][T19022] dump_stack_lvl+0x241/0x360 [ 1107.603301][T19022] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1107.608496][T19022] ? __pfx__printk+0x10/0x10 [ 1107.613088][T19022] ? snprintf+0xda/0x120 [ 1107.617331][T19022] should_fail_ex+0x3b0/0x4e0 [ 1107.622002][T19022] _copy_to_user+0x2f/0xb0 [ 1107.626416][T19022] simple_read_from_buffer+0xca/0x150 [ 1107.631786][T19022] proc_fail_nth_read+0x1ec/0x260 [ 1107.636808][T19022] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1107.642345][T19022] ? rw_verify_area+0x520/0x6b0 [ 1107.647189][T19022] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1107.652725][T19022] vfs_read+0x204/0xbc0 [ 1107.656871][T19022] ? __pfx_lock_release+0x10/0x10 [ 1107.661899][T19022] ? __pfx_vfs_read+0x10/0x10 [ 1107.666572][T19022] ? sg_ioctl+0x1c8c/0x2e80 [ 1107.671068][T19022] ? __fget_files+0x29/0x470 [ 1107.675656][T19022] ? __fget_files+0x3f6/0x470 [ 1107.680350][T19022] ksys_read+0x1a0/0x2c0 [ 1107.684591][T19022] ? __pfx_ksys_read+0x10/0x10 [ 1107.689345][T19022] ? do_syscall_64+0x100/0x230 [ 1107.694102][T19022] ? do_syscall_64+0xb6/0x230 [ 1107.698773][T19022] do_syscall_64+0xf3/0x230 [ 1107.703266][T19022] ? clear_bhb_loop+0x35/0x90 [ 1107.707942][T19022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.713837][T19022] RIP: 0033:0x7fedcab7c93c [ 1107.718254][T19022] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1107.737878][T19022] RSP: 002b:00007fedcb957030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1107.746292][T19022] RAX: ffffffffffffffda RBX: 00007fedcad35f80 RCX: 00007fedcab7c93c [ 1107.754258][T19022] RDX: 000000000000000f RSI: 00007fedcb9570a0 RDI: 0000000000000004 [ 1107.762224][T19022] RBP: 00007fedcb957090 R08: 0000000000000000 R09: 0000000000000000 [ 1107.770193][T19022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1107.778157][T19022] R13: 0000000000000000 R14: 00007fedcad35f80 R15: 00007fedcae5fa28 [ 1107.786138][T19022] [ 1107.840242][T15200] usb 2-1: config 203 interface 59 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 1107.930802][T15200] usb 2-1: config 203 interface 59 altsetting 3 endpoint 0x6 has an invalid bInterval 255, changing to 11 [ 1107.935591][T19032] FAULT_INJECTION: forcing a failure. [ 1107.935591][T19032] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1107.956565][T18833] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1107.964721][T19032] CPU: 0 UID: 0 PID: 19032 Comm: syz.0.2316 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1107.975526][T19032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1107.981237][T15200] usb 2-1: config 203 interface 59 altsetting 3 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 1107.985622][T19032] Call Trace: [ 1107.985637][T19032] [ 1107.985647][T19032] dump_stack_lvl+0x241/0x360 [ 1107.985676][T19032] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1107.985695][T19032] ? __pfx__printk+0x10/0x10 [ 1107.985716][T19032] ? __pfx_lock_release+0x10/0x10 [ 1107.985740][T19032] ? __lock_acquire+0x137a/0x2040 [ 1107.985770][T19032] should_fail_ex+0x3b0/0x4e0 [ 1107.985797][T19032] _copy_from_user+0x2f/0xe0 [ 1107.985822][T19032] kstrtouint_from_user+0xc6/0x190 [ 1107.985846][T19032] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1107.985870][T19032] ? __pfx_lock_acquire+0x10/0x10 [ 1107.985903][T19032] proc_fail_nth_write+0xaa/0x2d0 [ 1107.985924][T19032] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1107.985950][T19032] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1107.985978][T19032] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1107.986001][T19032] vfs_write+0x2a2/0xc90 [ 1107.986032][T19032] ? __pfx_vfs_write+0x10/0x10 [ 1107.986053][T19032] ? __fget_files+0x29/0x470 [ 1108.009105][T15200] usb 2-1: config 203 interface 59 altsetting 3 has a duplicate endpoint with address 0x5, skipping [ 1108.013103][T19032] ? __fget_files+0x3f6/0x470 [ 1108.013150][T19032] ksys_write+0x1a0/0x2c0 [ 1108.013178][T19032] ? __pfx_ksys_write+0x10/0x10 [ 1108.013198][T19032] ? do_syscall_64+0x100/0x230 [ 1108.013222][T19032] ? do_syscall_64+0xb6/0x230 [ 1108.013245][T19032] do_syscall_64+0xf3/0x230 [ 1108.013264][T19032] ? clear_bhb_loop+0x35/0x90 [ 1108.013291][T19032] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1108.013313][T19032] RIP: 0033:0x7fedcab7c9df [ 1108.013333][T19032] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 1108.013349][T19032] RSP: 002b:00007fedcb957030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1108.013372][T19032] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fedcab7c9df [ 1108.013386][T19032] RDX: 0000000000000001 RSI: 00007fedcb9570a0 RDI: 0000000000000005 [ 1108.013399][T19032] RBP: 00007fedcb957090 R08: 0000000000000000 R09: 0000000000000000 [ 1108.013413][T19032] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 1108.013426][T19032] R13: 0000000000000000 R14: 00007fedcad35f80 R15: 00007fedcae5fa28 [ 1108.013458][T19032] [ 1108.113876][ T8] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 1108.120936][T15200] usb 2-1: config 203 interface 59 has no altsetting 0 [ 1108.147178][T18833] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1108.245946][T15200] usb 2-1: New USB device found, idVendor=1b3d, idProduct=01dd, bcdDevice=40.a4 [ 1108.291320][T15200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1108.311280][T15200] usb 2-1: Product: ࠖ [ 1108.322737][T15200] usb 2-1: Manufacturer: ࠝ [ 1108.325181][T18833] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1108.332922][T15200] usb 2-1: SerialNumber: Ⰹ [ 1108.364655][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 1108.366432][T19020] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1108.377530][T18833] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1108.385593][ T8] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1108.396637][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1108.447199][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1108.494441][ T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 1108.567773][ T8] usb 3-1: New USB device found, idVendor=056a, idProduct=00b3, bcdDevice= 0.00 [ 1108.602049][T15200] ftdi_sio 2-1:203.59: FTDI USB Serial Device converter detected [ 1108.622170][T15200] ftdi_sio ttyUSB0: unknown device type: 0x40a4 [ 1108.679564][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1108.688452][T15200] usb 2-1: USB disconnect, device number 107 [ 1108.741691][T15200] ftdi_sio 2-1:203.59: device disconnected [ 1108.761350][ T8] usb 3-1: config 0 descriptor?? [ 1108.887974][ T1111] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1108.969836][T19010] chnl_net:caif_netlink_parms(): no params data found [ 1109.097846][ T1111] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.255969][ T5244] Bluetooth: hci2: command tx timeout [ 1109.300191][ T1111] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.511719][ T1111] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1109.545633][T19010] bridge0: port 1(bridge_slave_0) entered blocking state [ 1109.594040][T19010] bridge0: port 1(bridge_slave_0) entered disabled state [ 1109.610360][T19010] bridge_slave_0: entered allmulticast mode [ 1109.665128][T19010] bridge_slave_0: entered promiscuous mode [ 1109.726070][T19010] bridge0: port 2(bridge_slave_1) entered blocking state [ 1109.743411][T19010] bridge0: port 2(bridge_slave_1) entered disabled state [ 1109.778555][T19010] bridge_slave_1: entered allmulticast mode [ 1109.806924][T19010] bridge_slave_1: entered promiscuous mode [ 1109.989920][T18833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1110.065335][T19010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1110.122166][T19010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1110.373023][T18833] 8021q: adding VLAN 0 to HW filter on device team0 [ 1110.429629][T19010] team0: Port device team_slave_0 added [ 1110.468941][T19010] team0: Port device team_slave_1 added [ 1110.568852][ T1111] bridge_slave_1: left allmulticast mode [ 1110.593346][ T1111] bridge_slave_1: left promiscuous mode [ 1110.610934][ T1111] bridge0: port 2(bridge_slave_1) entered disabled state [ 1110.678124][ T1111] bridge_slave_0: left allmulticast mode [ 1110.705086][ T1111] bridge_slave_0: left promiscuous mode [ 1110.719541][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 1110.734009][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state [ 1110.747801][ T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1110.764750][ T8] usb 3-1: USB disconnect, device number 83 [ 1111.328090][ T5244] Bluetooth: hci2: command tx timeout [ 1112.042020][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1112.067187][T19100] syz.0.2328 (19100): /proc/19093/oom_adj is deprecated, please use /proc/19093/oom_score_adj instead. [ 1112.132611][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1112.207035][ T1111] bond0 (unregistering): Released all slaves [ 1112.525231][T19010] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1112.532213][T19010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1112.645228][T19010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1112.672073][T19010] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1112.698992][T19010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1112.744599][T19010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1112.771176][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state [ 1112.778366][ T8023] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1113.117572][ T1111] hsr_slave_0: left promiscuous mode [ 1113.150212][ T1111] hsr_slave_1: left promiscuous mode [ 1113.168590][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1113.193227][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1113.212032][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1113.237532][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1113.314057][ T25] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1113.341185][ T1111] veth1_macvtap: left promiscuous mode [ 1113.346982][ T1111] veth0_macvtap: left promiscuous mode [ 1113.352680][ T1111] veth1_vlan: left promiscuous mode [ 1113.358373][ T1111] veth0_vlan: left promiscuous mode [ 1113.404173][ T5244] Bluetooth: hci2: command tx timeout [ 1113.483974][ T25] usb 1-1: device descriptor read/64, error -71 [ 1113.538896][ T5233] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1113.553349][ T5233] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1113.562860][ T5233] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1113.571855][ T5233] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1113.586125][ T5233] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1113.593617][ T5233] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1113.774676][ T25] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1113.934154][ T25] usb 1-1: device descriptor read/64, error -71 [ 1114.065186][ T25] usb usb1-port1: attempt power cycle [ 1114.312890][ T1111] team0 (unregistering): Port device team_slave_1 removed [ 1114.382392][ T1111] team0 (unregistering): Port device team_slave_0 removed [ 1114.484054][ T25] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1114.525018][ T25] usb 1-1: device descriptor read/8, error -71 [ 1114.805270][ T25] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1114.836564][ T25] usb 1-1: device descriptor read/8, error -71 [ 1114.981189][ T25] usb usb1-port1: unable to enumerate USB device [ 1115.130718][T19105] netlink: 'syz.0.2331': attribute type 1 has an invalid length. [ 1115.158195][T19010] hsr_slave_0: entered promiscuous mode [ 1115.198238][T19010] hsr_slave_1: entered promiscuous mode [ 1115.259008][T19112] netlink: 'syz.1.2333': attribute type 9 has an invalid length. [ 1115.274098][T19112] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2333'. [ 1115.372455][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 1115.379678][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1115.645274][ T5244] Bluetooth: hci1: command tx timeout [ 1116.025616][ T1111] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.044144][ T5283] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1116.208332][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.214755][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.256101][ T5283] usb 2-1: Using ep0 maxpacket: 16 [ 1116.266460][ T5283] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 1116.289815][ T1111] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.301042][ T5283] usb 2-1: can't read configurations, error -61 [ 1116.464244][ T5283] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1116.586990][ T1111] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1116.651516][T19110] chnl_net:caif_netlink_parms(): no params data found [ 1116.665021][ T5283] usb 2-1: Using ep0 maxpacket: 16 [ 1116.678457][ T5283] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 1116.688558][ T5283] usb 2-1: can't read configurations, error -61 [ 1116.695864][ T5283] usb usb2-port1: attempt power cycle [ 1116.843638][ T1111] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1117.054995][T18833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1117.119345][ T5283] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1117.174824][ T5283] usb 2-1: Using ep0 maxpacket: 16 [ 1117.182097][ T5283] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 1117.203223][ T5283] usb 2-1: can't read configurations, error -61 [ 1117.291941][T19110] bridge0: port 1(bridge_slave_0) entered blocking state [ 1117.304643][T19110] bridge0: port 1(bridge_slave_0) entered disabled state [ 1117.313599][T19110] bridge_slave_0: entered allmulticast mode [ 1117.328768][T19110] bridge_slave_0: entered promiscuous mode [ 1117.354131][ T5283] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1117.356129][T19110] bridge0: port 2(bridge_slave_1) entered blocking state [ 1117.376940][T19110] bridge0: port 2(bridge_slave_1) entered disabled state [ 1117.396604][T19110] bridge_slave_1: entered allmulticast mode [ 1117.406196][ T5283] usb 2-1: Using ep0 maxpacket: 16 [ 1117.416340][ T5283] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 1117.430409][ T5283] usb 2-1: can't read configurations, error -61 [ 1117.431417][T19110] bridge_slave_1: entered promiscuous mode [ 1117.467875][ T5283] usb usb2-port1: unable to enumerate USB device [ 1117.613448][T19110] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1117.633137][ T1111] bridge_slave_0: left allmulticast mode [ 1117.642777][ T1111] bridge_slave_0: left promiscuous mode [ 1117.668901][ T1111] bridge0: port 1(bridge_slave_0) entered disabled state [ 1117.724489][ T5244] Bluetooth: hci1: command tx timeout [ 1118.188922][ T1111] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 1118.422781][ T1111] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1118.439229][ T1111] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1118.449251][ T5283] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1118.464610][ T1111] bond0 (unregistering): Released all slaves [ 1118.494772][T19110] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1118.561840][T19010] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1118.605421][T19010] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1118.634182][ T5283] usb 1-1: Using ep0 maxpacket: 8 [ 1118.641345][ T5283] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 1118.651959][ T5283] usb 1-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config [ 1118.667648][T19110] team0: Port device team_slave_0 added [ 1118.681031][ T5283] usb 1-1: config 0 has no interface number 0 [ 1118.688390][ T5283] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xA2, changing to 0x82 [ 1118.700187][ T5283] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has an invalid bInterval 231, changing to 11 [ 1118.711924][ T5283] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has invalid maxpacket 25303, setting to 1024 [ 1118.725532][ T5283] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1118.738503][ T5283] usb 1-1: config 0 interface 52 has no altsetting 0 [ 1118.758485][ T5283] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 1118.778366][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 1118.788471][ T5283] usb 1-1: Product: syz [ 1118.792767][T19010] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1118.799756][ T5283] usb 1-1: SerialNumber: syz [ 1118.808898][ T5283] usb 1-1: config 0 descriptor?? [ 1118.821509][T19010] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1118.865056][T19110] team0: Port device team_slave_1 added [ 1118.966278][T19110] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1118.991435][T19110] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1119.030099][T19110] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1119.061970][ T5283] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input89 [ 1119.089400][T19164] FAULT_INJECTION: forcing a failure. [ 1119.089400][T19164] name failslab, interval 1, probability 0, space 0, times 0 [ 1119.172954][T19164] CPU: 0 UID: 0 PID: 19164 Comm: syz.1.2340 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1119.183768][T19164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1119.193839][T19164] Call Trace: [ 1119.197129][T19164] [ 1119.200052][T19164] dump_stack_lvl+0x241/0x360 [ 1119.204811][T19164] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1119.209994][T19164] ? __pfx__printk+0x10/0x10 [ 1119.214600][T19164] ? fs_reclaim_acquire+0x93/0x140 [ 1119.219718][T19164] ? __pfx___might_resched+0x10/0x10 [ 1119.225013][T19164] should_fail_ex+0x3b0/0x4e0 [ 1119.229707][T19164] ? tomoyo_encode+0x26f/0x540 [ 1119.234471][T19164] should_failslab+0xac/0x100 [ 1119.239150][T19164] ? tomoyo_encode+0x26f/0x540 [ 1119.243910][T19164] __kmalloc_noprof+0xd8/0x400 [ 1119.248682][T19164] tomoyo_encode+0x26f/0x540 [ 1119.253266][T19164] tomoyo_realpath_from_path+0x59e/0x5e0 [ 1119.258900][T19164] tomoyo_path_number_perm+0x23a/0x880 [ 1119.264363][T19164] ? tomoyo_path_number_perm+0x208/0x880 [ 1119.269991][T19164] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1119.275994][T19164] ? __fget_files+0x29/0x470 [ 1119.280586][T19164] ? __fget_files+0x3f6/0x470 [ 1119.285270][T19164] ? __fget_files+0x29/0x470 [ 1119.289874][T19164] security_file_ioctl+0x75/0xb0 [ 1119.294816][T19164] __se_sys_ioctl+0x47/0x170 [ 1119.299401][T19164] do_syscall_64+0xf3/0x230 [ 1119.303904][T19164] ? clear_bhb_loop+0x35/0x90 [ 1119.308579][T19164] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1119.314464][T19164] RIP: 0033:0x7feef6b7def9 [ 1119.318875][T19164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1119.338481][T19164] RSP: 002b:00007feef7a3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1119.346895][T19164] RAX: ffffffffffffffda RBX: 00007feef6d35f80 RCX: 00007feef6b7def9 [ 1119.354861][T19164] RDX: 0000000000000000 RSI: 0000000000004b65 RDI: 000000000000000e [ 1119.362829][T19164] RBP: 00007feef7a3b090 R08: 0000000000000000 R09: 0000000000000000 [ 1119.370790][T19164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1119.378764][T19164] R13: 0000000000000000 R14: 00007feef6d35f80 R15: 00007feef6e5fa28 [ 1119.386765][T19164] [ 1119.403651][T19164] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1119.497156][T19110] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1119.525703][T19110] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1119.601352][T19110] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1119.696402][ T1111] hsr_slave_0: left promiscuous mode [ 1119.702359][ T1111] hsr_slave_1: left promiscuous mode [ 1119.773204][T12944] usb 1-1: USB disconnect, device number 10 [ 1119.798340][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1119.806214][ T5244] Bluetooth: hci1: command tx timeout [ 1119.828759][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1119.855551][ T1111] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1119.863007][ T1111] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1119.953542][T19182] FAULT_INJECTION: forcing a failure. [ 1119.953542][T19182] name failslab, interval 1, probability 0, space 0, times 0 [ 1119.958974][ T1111] veth1_macvtap: left promiscuous mode [ 1119.984684][ T1111] veth0_macvtap: left promiscuous mode [ 1119.988283][T19182] CPU: 1 UID: 0 PID: 19182 Comm: syz.1.2341 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1119.990334][ T1111] veth1_vlan: left promiscuous mode [ 1120.000906][T19182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1120.000921][T19182] Call Trace: [ 1120.000929][T19182] [ 1120.000937][T19182] dump_stack_lvl+0x241/0x360 [ 1120.000967][T19182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1120.000996][T19182] ? __pfx__printk+0x10/0x10 [ 1120.015296][ T1111] veth0_vlan: left promiscuous mode [ 1120.016214][T19182] should_fail_ex+0x3b0/0x4e0 [ 1120.046769][T19182] should_failslab+0xac/0x100 [ 1120.051476][T19182] __kmalloc_node_track_caller_noprof+0xda/0x440 [ 1120.057823][T19182] ? nf_ct_ext_add+0x1a2/0x3e0 [ 1120.062613][T19182] krealloc_noprof+0x7d/0x120 [ 1120.067318][T19182] nf_ct_ext_add+0x1a2/0x3e0 [ 1120.071933][T19182] init_conntrack+0x8bf/0x1310 [ 1120.076724][T19182] ? __pfx_init_conntrack+0x10/0x10 [ 1120.081951][T19182] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 1120.087958][T19182] ? __local_bh_enable_ip+0x168/0x200 [ 1120.093366][T19182] nf_conntrack_in+0xd5c/0x1890 [ 1120.098251][T19182] ? __pfx_nf_conntrack_in+0x10/0x10 [ 1120.103567][T19182] ? __pfx_ipv6_conntrack_local+0x10/0x10 [ 1120.109284][T19182] nf_hook_slow+0xc3/0x220 [ 1120.113703][T19182] ? __ip6_local_out+0x4dc/0x800 [ 1120.118720][T19182] __ip6_local_out+0x6fa/0x800 [ 1120.123477][T19182] ? __pfx___ip6_local_out+0x10/0x10 [ 1120.128754][T19182] ? __pfx_dst_output+0x10/0x10 [ 1120.133600][T19182] ? skb_checksum+0x9e/0xf0 [ 1120.138101][T19182] ip6_local_out+0x26/0x70 [ 1120.142511][T19182] ip6_send_skb+0x1b1/0x3b0 [ 1120.147008][T19182] ? ip6_send_skb+0xfd/0x3b0 [ 1120.151591][T19182] udp_v6_send_skb+0xbf5/0x1870 [ 1120.156454][T19182] udpv6_sendmsg+0x23b6/0x3270 [ 1120.161221][T19182] ? __pfx_udplite_getfrag+0x10/0x10 [ 1120.166506][T19182] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 1120.171649][T19182] ? inet_send_prepare+0x21/0x260 [ 1120.176673][T19182] ? inet_send_prepare+0x5a/0x260 [ 1120.181700][T19182] __sock_sendmsg+0xef/0x270 [ 1120.186468][T19182] ____sys_sendmsg+0x525/0x7d0 [ 1120.191340][T19182] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1120.196648][T19182] __sys_sendmmsg+0x3b2/0x740 [ 1120.201346][T19182] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1120.206580][T19182] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1120.212480][T19182] ? ksys_write+0x23e/0x2c0 [ 1120.216983][T19182] ? __pfx_lock_release+0x10/0x10 [ 1120.222009][T19182] ? vfs_write+0x7c4/0xc90 [ 1120.226420][T19182] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1120.232046][T19182] ? __pfx_vfs_write+0x10/0x10 [ 1120.236820][T19182] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1120.242802][T19182] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1120.249133][T19182] ? do_syscall_64+0x100/0x230 [ 1120.253897][T19182] __x64_sys_sendmmsg+0xa0/0xb0 [ 1120.258748][T19182] do_syscall_64+0xf3/0x230 [ 1120.263248][T19182] ? clear_bhb_loop+0x35/0x90 [ 1120.267925][T19182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.273815][T19182] RIP: 0033:0x7feef6b7def9 [ 1120.278223][T19182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1120.297821][T19182] RSP: 002b:00007feef7a3b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1120.306237][T19182] RAX: ffffffffffffffda RBX: 00007feef6d35f80 RCX: 00007feef6b7def9 [ 1120.314212][T19182] RDX: 0000000000000002 RSI: 00000000200023c0 RDI: 0000000000000003 [ 1120.322177][T19182] RBP: 00007feef7a3b090 R08: 0000000000000000 R09: 0000000000000000 [ 1120.330188][T19182] R10: 0000000046000000 R11: 0000000000000246 R12: 0000000000000001 [ 1120.338161][T19182] R13: 0000000000000000 R14: 00007feef6d35f80 R15: 00007feef6e5fa28 [ 1120.346141][T19182] [ 1121.623715][ T1111] team0 (unregistering): Port device team_slave_1 removed [ 1121.815397][ T1111] team0 (unregistering): Port device team_slave_0 removed [ 1121.884439][ T5244] Bluetooth: hci1: command tx timeout [ 1123.089325][T19192] netlink: 'syz.1.2343': attribute type 10 has an invalid length. [ 1123.101286][T19192] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2343'. [ 1123.142112][T19192] batadv0: entered promiscuous mode [ 1123.148919][T19192] batadv0: entered allmulticast mode [ 1123.175679][T19192] bridge0: port 3(batadv0) entered blocking state [ 1123.191425][T19192] bridge0: port 3(batadv0) entered disabled state [ 1123.210170][T19192] bridge0: port 3(batadv0) entered blocking state [ 1123.216753][T19192] bridge0: port 3(batadv0) entered forwarding state [ 1123.252254][T19193] bridge0: port 4(vlan2) entered blocking state [ 1123.259216][T19193] bridge0: port 4(vlan2) entered disabled state [ 1123.266631][T19193] vlan2: entered allmulticast mode [ 1123.280319][T19193] vlan2: left allmulticast mode [ 1123.432649][T19110] hsr_slave_0: entered promiscuous mode [ 1123.454930][T19110] hsr_slave_1: entered promiscuous mode [ 1123.482961][T19110] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1123.502164][T19110] Cannot create hsr debugfs directory [ 1123.687405][T18833] veth0_vlan: entered promiscuous mode [ 1123.768527][ T8023] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 1123.778680][ T8023] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 1123.904918][ T8] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1123.938283][T18833] veth1_vlan: entered promiscuous mode [ 1124.105025][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 1124.121090][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 67, changing to 10 [ 1124.143233][ T8] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1124.156400][ T8] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 1124.166485][ T8] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 1124.204997][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1124.233053][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.291954][ T8] usb 2-1: Product: ᰉ [ 1124.310705][ T8] usb 2-1: Manufacturer: Г [ 1124.322612][ T8] usb 2-1: SerialNumber: ৉鹘⍄옎䥆揸쫞ᵻ㔧右赍ឍﻓ※뭵ⶨ㧆詖䣏뿞⎒⯿䞮솋孟铋ᠥ烗ᬩᚧ죔傟ⳃ樑朠ꀄḭ념〶ꭈ鐏ꍆ鏠뿋間얊⽡ッ㷽㐼煯邫蚻痞摶㓿뤴賤襆⼟톐ብꂩ앷饽㫇뇤虹ੲ頧7ﬦ凩䚪日ҷ玷䒻ꔕ紾﷉밦ࢭ缲த퉎鱏︸纋ㆠ蕙垺栜 [ 1124.451303][T18833] veth0_macvtap: entered promiscuous mode [ 1124.560759][T18833] veth1_macvtap: entered promiscuous mode [ 1124.647917][ T8] cdc_ncm 2-1:1.0: bind() failure [ 1124.656234][ T8] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 1124.676360][T19010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1124.702436][ T8] cdc_ncm 2-1:1.1: bind() failure [ 1124.735446][ T8] usb 2-1: USB disconnect, device number 112 [ 1124.798649][T19010] 8021q: adding VLAN 0 to HW filter on device team0 [ 1124.841716][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.864111][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.876553][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.888637][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.900310][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.918791][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.933861][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.947650][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.959428][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.971194][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1124.986925][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1124.998583][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.009543][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.024332][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.037803][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1125.049402][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.085389][T18833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1125.145660][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.185949][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.213914][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.236367][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.249370][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.260611][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.270888][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.283516][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.293810][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.304548][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.334158][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.347939][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.358955][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.370921][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.381491][T18833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1125.394545][T18833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1125.441980][T18833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1125.465065][ T8017] bridge0: port 1(bridge_slave_0) entered blocking state [ 1125.472251][ T8017] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1125.489475][T18833] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.505227][T18833] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.520216][T18833] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.531863][T18833] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.558505][ T8027] bridge0: port 2(bridge_slave_1) entered blocking state [ 1125.565814][ T8027] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1125.674470][ T1168] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1125.734255][ T5338] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1125.753574][T19010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1125.809583][T19110] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1125.865015][ T1168] usb 1-1: too many configurations: 149, using maximum allowed: 8 [ 1125.884985][T19110] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1125.896338][ T1168] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1125.904680][ T1168] usb 1-1: can't read configurations, error -61 [ 1125.915118][T19110] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1125.954434][ T5338] usb 2-1: Using ep0 maxpacket: 8 [ 1125.956781][T19110] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1125.968536][ T5338] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1125.997211][ T1111] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1126.003903][ T5338] usb 2-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config [ 1126.008715][ T1111] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1126.039813][ T5338] usb 2-1: config 0 has no interface number 0 [ 1126.044577][T19010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1126.054417][ T5338] usb 2-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xA2, changing to 0x82 [ 1126.074416][ T1168] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1126.093936][ T5338] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x82 has an invalid bInterval 231, changing to 11 [ 1126.124115][ T5338] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x82 has invalid maxpacket 25303, setting to 1024 [ 1126.151049][ T8023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1126.165852][ T8023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1126.166230][ T5338] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1126.252854][ T5338] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1126.272578][ T5338] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 1126.289249][T19010] veth0_vlan: entered promiscuous mode [ 1126.293918][ T5338] usb 2-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 1126.296937][ T1168] usb 1-1: too many configurations: 149, using maximum allowed: 8 [ 1126.303053][ T5338] usb 2-1: Product: syz [ 1126.354331][ T1168] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1126.362869][ T1168] usb 1-1: can't read configurations, error -61 [ 1126.362872][ T5338] usb 2-1: SerialNumber: syz [ 1126.364679][ T1168] usb usb1-port1: attempt power cycle [ 1126.414672][ T5338] usb 2-1: config 0 descriptor?? [ 1126.646524][ T5338] input: syz (Stick) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input90 [ 1126.773461][T19010] veth1_vlan: entered promiscuous mode [ 1126.832140][T19110] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1126.848137][ T1168] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1126.945252][ T1168] usb 1-1: too many configurations: 149, using maximum allowed: 8 [ 1126.962900][ T1168] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1126.982508][T19110] 8021q: adding VLAN 0 to HW filter on device team0 [ 1126.989301][ T1168] usb 1-1: can't read configurations, error -61 [ 1127.111296][T19010] veth0_macvtap: entered promiscuous mode [ 1127.145647][T19249] netlink: 'syz.1.2349': attribute type 3 has an invalid length. [ 1127.174335][ T1168] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1127.204863][T19010] veth1_macvtap: entered promiscuous mode [ 1127.221397][ T8027] bridge0: port 1(bridge_slave_0) entered blocking state [ 1127.228609][ T8027] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1127.238851][ T1168] usb 1-1: too many configurations: 149, using maximum allowed: 8 [ 1127.284015][ T1168] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 1127.321012][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state [ 1127.328204][ T8023] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1127.347530][ T1168] usb 1-1: can't read configurations, error -61 [ 1127.360326][ T1168] usb usb1-port1: unable to enumerate USB device [ 1127.436731][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1127.449031][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1127.459893][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1127.514242][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1127.544791][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1127.577714][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1127.606640][T19264] FAULT_INJECTION: forcing a failure. [ 1127.606640][T19264] name failslab, interval 1, probability 0, space 0, times 0 [ 1127.612608][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1127.647481][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1127.650264][T19264] CPU: 0 UID: 0 PID: 19264 Comm: syz.3.2351 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1127.667718][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1127.668025][T19264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1127.688508][T19264] Call Trace: [ 1127.691809][T19264] [ 1127.694759][T19264] dump_stack_lvl+0x241/0x360 [ 1127.699468][T19264] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1127.700714][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1127.704674][T19264] ? __pfx__printk+0x10/0x10 [ 1127.704703][T19264] ? ref_tracker_alloc+0x332/0x490 [ 1127.704731][T19264] should_fail_ex+0x3b0/0x4e0 [ 1127.704754][T19264] ? skb_clone+0x20c/0x390 [ 1127.722013][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1127.724209][T19264] should_failslab+0xac/0x100 [ 1127.724241][T19264] ? skb_clone+0x20c/0x390 [ 1127.724263][T19264] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1127.724287][T19264] skb_clone+0x20c/0x390 [ 1127.724312][T19264] __netlink_deliver_tap+0x3cc/0x7c0 [ 1127.724343][T19264] ? netlink_deliver_tap+0x2e/0x1b0 [ 1127.724362][T19264] netlink_deliver_tap+0x19d/0x1b0 [ 1127.724384][T19264] netlink_unicast+0x7c4/0x990 [ 1127.724418][T19264] ? __pfx_netlink_unicast+0x10/0x10 [ 1127.724440][T19264] ? __virt_addr_valid+0x183/0x530 [ 1127.724461][T19264] ? __check_object_size+0x49c/0x900 [ 1127.724484][T19264] ? bpf_lsm_netlink_send+0x9/0x10 [ 1127.724508][T19264] netlink_sendmsg+0x8e4/0xcb0 [ 1127.724538][T19264] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1127.724561][T19264] ? __import_iovec+0x536/0x820 [ 1127.724583][T19264] ? aa_sock_msg_perm+0x91/0x160 [ 1127.724607][T19264] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1127.724630][T19264] ? security_socket_sendmsg+0x87/0xb0 [ 1127.724657][T19264] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1127.724676][T19264] __sock_sendmsg+0x221/0x270 [ 1127.724706][T19264] ____sys_sendmsg+0x525/0x7d0 [ 1127.724744][T19264] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1127.724784][T19264] __sys_sendmsg+0x2b0/0x3a0 [ 1127.724809][T19264] ? __pfx___sys_sendmsg+0x10/0x10 [ 1127.724830][T19264] ? vfs_write+0x7c4/0xc90 [ 1127.724888][T19264] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1127.724916][T19264] ? do_syscall_64+0x100/0x230 [ 1127.724941][T19264] ? do_syscall_64+0xb6/0x230 [ 1127.724965][T19264] do_syscall_64+0xf3/0x230 [ 1127.724985][T19264] ? clear_bhb_loop+0x35/0x90 [ 1127.725011][T19264] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1127.725034][T19264] RIP: 0033:0x7fc87337def9 [ 1127.725054][T19264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1127.725069][T19264] RSP: 002b:00007fc87409d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1127.725093][T19264] RAX: ffffffffffffffda RBX: 00007fc873535f80 RCX: 00007fc87337def9 [ 1127.725108][T19264] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1127.725122][T19264] RBP: 00007fc87409d090 R08: 0000000000000000 R09: 0000000000000000 [ 1127.725134][T19264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1127.725146][T19264] R13: 0000000000000000 R14: 00007fc873535f80 R15: 00007fc87365fa28 [ 1127.725178][T19264] [ 1127.725288][ C0] vkms_vblank_simulate: vblank timer overrun [ 1128.000574][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.012912][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.025477][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.035645][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.047138][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.093422][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1128.131834][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.194252][T19010] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1128.257798][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.272810][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.283735][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.322282][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.375732][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.395290][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.411045][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.423485][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.440554][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.455465][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.465802][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.487434][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.525506][ T25] usb 2-1: USB disconnect, device number 113 [ 1128.529033][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.552821][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.563050][ T5243] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1128.584459][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.613158][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.624127][T19010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1128.644072][T19010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1128.686935][T19010] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1128.752811][T19010] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1128.764041][ T5243] usb 4-1: Using ep0 maxpacket: 16 [ 1128.772373][T19010] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1128.788082][ T5243] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 8.00 [ 1128.803817][T19010] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1128.812669][ T5243] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1128.836726][T19010] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1128.850880][ T5243] usb 4-1: config 0 descriptor?? [ 1128.866929][ T5243] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1128.900847][ T5243] usb 4-1: Detected FT4232H [ 1129.072681][ T5243] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 1129.113251][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1129.125291][ T5243] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1129.126099][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1129.195867][T19110] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1129.214214][ T1168] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 1129.248236][ T8023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1129.268280][ T8023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1129.376239][T19110] veth0_vlan: entered promiscuous mode [ 1129.404898][ T1168] usb 2-1: Using ep0 maxpacket: 8 [ 1129.421149][T19110] veth1_vlan: entered promiscuous mode [ 1129.437480][ T1168] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1129.464886][ T1168] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1129.489603][ T1168] usb 2-1: Product: syz [ 1129.511590][ T1168] usb 2-1: Manufacturer: syz [ 1129.531127][ T1168] usb 2-1: SerialNumber: syz [ 1129.559526][ T1168] usb 2-1: config 0 descriptor?? [ 1129.582949][T19110] veth0_macvtap: entered promiscuous mode [ 1129.592701][ T1168] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1129.643072][T19110] veth1_macvtap: entered promiscuous mode [ 1129.720481][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.742506][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.757824][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.770377][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.783828][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.817610][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.834040][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.849707][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.894548][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.923236][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.937990][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.949564][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1129.962886][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1129.981152][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.003648][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1130.033538][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.061409][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1130.086438][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.109749][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1130.154156][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.177338][T19110] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1130.232611][ T6220] usb 4-1: USB disconnect, device number 122 [ 1130.255195][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.267757][ T6220] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1130.300797][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.311677][ T6220] ftdi_sio 4-1:0.0: device disconnected [ 1130.334203][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.359982][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.383811][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.434167][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.471026][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.493810][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.503737][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.538091][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.564883][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.600128][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.619544][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.647263][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.657561][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.668490][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.678931][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.695405][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.706078][T19110] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1130.716948][T19110] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1130.730319][T19110] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1130.779572][T19110] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.808502][T19110] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.853804][T19110] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.879931][T19110] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1130.976100][T19336] FAULT_INJECTION: forcing a failure. [ 1130.976100][T19336] name failslab, interval 1, probability 0, space 0, times 0 [ 1130.992769][ T6220] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1131.008189][ T1168] gspca_sq905: sq905_read_data: usb_control_msg failed (-110) [ 1131.024386][ T1168] sq905 2-1:0.0: probe with driver sq905 failed with error -110 [ 1131.046140][T19336] CPU: 0 UID: 0 PID: 19336 Comm: syz.3.2358 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1131.056951][T19336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1131.067033][T19336] Call Trace: [ 1131.070333][T19336] [ 1131.073284][T19336] dump_stack_lvl+0x241/0x360 [ 1131.077990][T19336] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1131.083199][T19336] ? __pfx__printk+0x10/0x10 [ 1131.087787][T19336] ? ref_tracker_alloc+0x332/0x490 [ 1131.092890][T19336] should_fail_ex+0x3b0/0x4e0 [ 1131.097557][T19336] ? skb_clone+0x20c/0x390 [ 1131.101963][T19336] should_failslab+0xac/0x100 [ 1131.106636][T19336] ? skb_clone+0x20c/0x390 [ 1131.111044][T19336] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1131.116496][T19336] skb_clone+0x20c/0x390 [ 1131.120776][T19336] __netlink_deliver_tap+0x3cc/0x7c0 [ 1131.126079][T19336] ? netlink_deliver_tap+0x2e/0x1b0 [ 1131.131273][T19336] netlink_deliver_tap+0x19d/0x1b0 [ 1131.136377][T19336] netlink_unicast+0x7c4/0x990 [ 1131.141143][T19336] ? __pfx_netlink_unicast+0x10/0x10 [ 1131.146430][T19336] ? __virt_addr_valid+0x183/0x530 [ 1131.151534][T19336] ? __check_object_size+0x49c/0x900 [ 1131.156813][T19336] ? bpf_lsm_netlink_send+0x9/0x10 [ 1131.161920][T19336] netlink_sendmsg+0x8e4/0xcb0 [ 1131.166689][T19336] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1131.171971][T19336] ? __import_iovec+0x536/0x820 [ 1131.176817][T19336] ? aa_sock_msg_perm+0x91/0x160 [ 1131.181750][T19336] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1131.187030][T19336] ? security_socket_sendmsg+0x87/0xb0 [ 1131.192487][T19336] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1131.197759][T19336] __sock_sendmsg+0x221/0x270 [ 1131.202435][T19336] ____sys_sendmsg+0x525/0x7d0 [ 1131.207199][T19336] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1131.212489][T19336] __sys_sendmsg+0x2b0/0x3a0 [ 1131.217073][T19336] ? __pfx___sys_sendmsg+0x10/0x10 [ 1131.222173][T19336] ? vfs_write+0x7c4/0xc90 [ 1131.226610][T19336] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1131.233017][T19336] ? do_syscall_64+0x100/0x230 [ 1131.237777][T19336] ? do_syscall_64+0xb6/0x230 [ 1131.242505][T19336] do_syscall_64+0xf3/0x230 [ 1131.247004][T19336] ? clear_bhb_loop+0x35/0x90 [ 1131.251681][T19336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1131.257578][T19336] RIP: 0033:0x7fc87337def9 [ 1131.261998][T19336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1131.281606][T19336] RSP: 002b:00007fc87409d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1131.290020][T19336] RAX: ffffffffffffffda RBX: 00007fc873535f80 RCX: 00007fc87337def9 [ 1131.298071][T19336] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1131.306047][T19336] RBP: 00007fc87409d090 R08: 0000000000000000 R09: 0000000000000000 [ 1131.314028][T19336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1131.321991][T19336] R13: 0000000000000000 R14: 00007fc873535f80 R15: 00007fc87365fa28 [ 1131.329973][T19336] [ 1131.333102][ C0] vkms_vblank_simulate: vblank timer overrun [ 1131.464496][ T6220] usb 5-1: Using ep0 maxpacket: 32 [ 1131.485422][ T6220] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1131.514162][ T6220] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1131.521789][ T6220] usb 5-1: can't read configurations, error -71 [ 1131.655964][T19341] can: request_module (can-proto-5) failed. [ 1131.688973][ T8017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1131.710881][ T8017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1131.828472][ T8023] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1131.849161][T11444] usb 2-1: USB disconnect, device number 114 [ 1131.856185][ T8023] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1132.165868][ T29] audit: type=1326 audit(1726235478.294:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19370 comm="syz.2.2330" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4174d7def9 code=0x0 [ 1132.227087][T19375] FAULT_INJECTION: forcing a failure. [ 1132.227087][T19375] name failslab, interval 1, probability 0, space 0, times 0 [ 1132.257414][T19375] CPU: 0 UID: 0 PID: 19375 Comm: syz.4.2366 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1132.268231][T19375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1132.278316][T19375] Call Trace: [ 1132.281620][T19375] [ 1132.284579][T19375] dump_stack_lvl+0x241/0x360 [ 1132.289286][T19375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1132.294517][T19375] ? __pfx__printk+0x10/0x10 [ 1132.299145][T19375] ? ref_tracker_alloc+0x332/0x490 [ 1132.304277][T19375] should_fail_ex+0x3b0/0x4e0 [ 1132.308958][T19375] ? skb_clone+0x20c/0x390 [ 1132.313380][T19375] should_failslab+0xac/0x100 [ 1132.318060][T19375] ? skb_clone+0x20c/0x390 [ 1132.322478][T19375] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 1132.327855][T19375] skb_clone+0x20c/0x390 [ 1132.332183][T19375] __netlink_deliver_tap+0x3cc/0x7c0 [ 1132.337489][T19375] ? netlink_deliver_tap+0x2e/0x1b0 [ 1132.342678][T19375] netlink_deliver_tap+0x19d/0x1b0 [ 1132.347812][T19375] netlink_unicast+0x7c4/0x990 [ 1132.352584][T19375] ? __pfx_netlink_unicast+0x10/0x10 [ 1132.357863][T19375] ? __virt_addr_valid+0x183/0x530 [ 1132.362968][T19375] ? __check_object_size+0x49c/0x900 [ 1132.368270][T19375] ? bpf_lsm_netlink_send+0x9/0x10 [ 1132.373379][T19375] netlink_sendmsg+0x8e4/0xcb0 [ 1132.378146][T19375] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1132.383429][T19375] ? __import_iovec+0x536/0x820 [ 1132.388284][T19375] ? aa_sock_msg_perm+0x91/0x160 [ 1132.393474][T19375] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1132.398758][T19375] ? security_socket_sendmsg+0x87/0xb0 [ 1132.404229][T19375] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1132.409504][T19375] __sock_sendmsg+0x221/0x270 [ 1132.414267][T19375] ____sys_sendmsg+0x525/0x7d0 [ 1132.419058][T19375] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1132.424350][T19375] __sys_sendmsg+0x2b0/0x3a0 [ 1132.428934][T19375] ? __pfx___sys_sendmsg+0x10/0x10 [ 1132.434043][T19375] ? vfs_write+0x7c4/0xc90 [ 1132.438493][T19375] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1132.444818][T19375] ? do_syscall_64+0x100/0x230 [ 1132.449577][T19375] ? do_syscall_64+0xb6/0x230 [ 1132.454248][T19375] do_syscall_64+0xf3/0x230 [ 1132.458742][T19375] ? clear_bhb_loop+0x35/0x90 [ 1132.463413][T19375] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1132.469301][T19375] RIP: 0033:0x7f67c857def9 [ 1132.473724][T19375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1132.493329][T19375] RSP: 002b:00007f67c9429038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1132.501745][T19375] RAX: ffffffffffffffda RBX: 00007f67c8735f80 RCX: 00007f67c857def9 [ 1132.509712][T19375] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 1132.517671][T19375] RBP: 00007f67c9429090 R08: 0000000000000000 R09: 0000000000000000 [ 1132.525732][T19375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1132.533696][T19375] R13: 0000000000000000 R14: 00007f67c8735f80 R15: 00007f67c885fa28 [ 1132.541668][T19375] [ 1132.547821][ T25] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 1132.610848][T19380] tipc: Started in network mode [ 1132.626511][T11444] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 1132.631354][T19380] tipc: Node identity aaaaaaaaaa3, cluster identity 4711 [ 1132.655034][T19380] tipc: Enabled bearer , priority 0 [ 1132.697898][T19376] tipc: Enabled bearer , priority 0 [ 1132.734389][ T25] usb 1-1: Using ep0 maxpacket: 8 [ 1132.741228][ T25] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 1132.754088][ T25] usb 1-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config [ 1132.776695][ T25] usb 1-1: config 0 has no interface number 0 [ 1132.783068][ T25] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xA2, changing to 0x82 [ 1132.801151][ T25] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has an invalid bInterval 231, changing to 11 [ 1132.813086][ T25] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x82 has invalid maxpacket 25303, setting to 1024 [ 1132.827630][T11444] usb 2-1: config 0 has an invalid interface number: 29 but max is 0 [ 1132.839311][T11444] usb 2-1: config 0 has no interface number 0 [ 1132.847252][T11444] usb 2-1: config 0 interface 29 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1132.858585][ T25] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1132.872526][ T25] usb 1-1: config 0 interface 52 has no altsetting 0 [ 1132.888370][T11444] usb 2-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=60.74 [ 1132.910912][T11444] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1132.923545][ T25] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 1132.933868][T11444] usb 2-1: Product: syz [ 1132.938187][ T25] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 1132.953944][T11444] usb 2-1: Manufacturer: syz [ 1132.958837][T11444] usb 2-1: SerialNumber: syz [ 1132.963528][ T25] usb 1-1: Product: syz [ 1132.975638][ T25] usb 1-1: SerialNumber: syz [ 1132.995258][T11444] usb 2-1: config 0 descriptor?? [ 1133.034975][ T25] usb 1-1: config 0 descriptor?? [ 1133.042508][T19369] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1133.059793][T11444] as10x_usb: device has been detected [ 1133.077249][T11444] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e)) [ 1133.168891][T11444] usb 2-1: DVB: registering adapter 1 frontend 0 (PCTV Systems picoStick (74e))... [ 1133.226325][T11444] as10x_usb: error during firmware upload part1 [ 1133.257801][T11444] Registered device PCTV Systems picoStick (74e) [ 1133.276844][ T25] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input91 [ 1133.293530][T11444] usb 2-1: USB disconnect, device number 115 [ 1133.371963][T11444] Unregistered device PCTV Systems picoStick (74e) [ 1133.380600][T11444] as10x_usb: device has been disconnected [ 1133.783934][T12944] tipc: Node number set to 10136234 [ 1133.808483][T19410] netlink: 'syz.0.2362': attribute type 3 has an invalid length. [ 1134.035221][ T6220] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 1134.243862][ T6220] usb 3-1: Using ep0 maxpacket: 16 [ 1134.258382][ T6220] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1134.296025][T19421] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2375'. [ 1134.305552][ T6220] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1134.324005][ T6220] usb 3-1: Product: 굗R뼁ࢠ曓䲌䊃첵ᝬ牉걾⴨ॣḴ睱㕧۔ꛓꗲ잙럂⵻㫭ྯ鮢ఙϘ兿餎 [ 1134.390467][ T6220] usb 3-1: Manufacturer: 䎼컨枈䰊晆睧ﵼ⊬⏈뾭ࡄ诸珽뜒잽袪Ɤɍ馹♒䪚겁㯹ᮭ籠ꌇ錵遞ᶩ⯚੤㊽釾⥺ࢊ楝﷾硨쯧꣪ᢦ㮛⏄✔ꆎ㼏ׁᘡ晋༰㥥␃ꯓ숒㆙㳒》队渍ন㿳뗘Ӕ臭릍硔䗆鏈ᰣ튍둞ꓝ撯퓫鰚꘱錈竍쉤䨚⎙튃伩ㄴ⢹﫱嚊궰㜖쬓䐓줓ͱ磵萩㋼謁룒辂裢烐繺ɹ佇엤⺠ [ 1134.476579][ T6220] usb 3-1: SerialNumber: 㰊 [ 1134.566062][T19421] bond0: (slave bond_slave_0): Releasing backup interface [ 1134.752087][T19429] IPVS: sync thread started: state = BACKUP, mcast_ifn = netdevsim0, syncid = 0, id = 0 [ 1134.766057][T11444] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1134.863646][ T6220] cdc_ncm 3-1:1.0: bind() failure [ 1134.882023][ T6220] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1134.900304][ T6220] cdc_ncm 3-1:1.1: bind() failure [ 1134.926965][ T6220] usb 3-1: USB disconnect, device number 84 [ 1134.953948][T11444] usb 5-1: Using ep0 maxpacket: 16 [ 1134.967090][T11444] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1135.024966][T11444] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1135.067140][ T1168] usb 1-1: USB disconnect, device number 15 [ 1135.074004][T11444] usb 5-1: Product: syz [ 1135.097480][T11444] usb 5-1: Manufacturer: syz [ 1135.119768][T11444] usb 5-1: SerialNumber: syz [ 1135.166424][T11444] usb 5-1: config 0 descriptor?? [ 1135.524101][ T6220] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 1135.652494][T19445] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2382'. [ 1135.738182][ T6220] usb 2-1: Using ep0 maxpacket: 16 [ 1135.756877][ T6220] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1135.788960][ T6220] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x1D, changing to 0xD [ 1135.810642][ T6220] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 1135.833406][ T6220] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1135.904932][ T6220] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1135.924131][ T6220] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1135.932173][ T6220] usb 2-1: Manufacturer: syz [ 1135.966211][ T6220] usb 2-1: config 0 descriptor?? [ 1135.982935][ T6220] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1136.161488][T19449] input: syz1 as /devices/virtual/input/input92 [ 1136.193882][ T6220] usb 2-1: USB disconnect, device number 116 [ 1136.716791][ T1168] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 1136.986043][ T1168] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1143.173351][ T1168] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1144.541949][ T1168] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1249.553739][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1249.560721][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P19456/1:b..l P19453/1:b..l P4899/1:b..l P19435/1:b..l P19459/1:b..l P4900/1:b..l [ 1249.575328][ C1] rcu: (detected by 1, t=10502 jiffies, g=200129, q=962468 ncpus=2) [ 1249.583375][ C1] task:dhcpcd state:R running task stack:20672 pid:4900 tgid:4900 ppid:4899 flags:0x00000002 [ 1249.596390][ C1] Call Trace: [ 1249.599690][ C1] [ 1249.602607][ C1] __schedule+0x1800/0x4a60 [ 1249.607120][ C1] ? __pfx___schedule+0x10/0x10 [ 1249.611959][ C1] ? ttwu_do_activate+0x200/0x7e0 [ 1249.616978][ C1] ? preempt_schedule+0xe1/0xf0 [ 1249.621807][ C1] preempt_schedule_common+0x84/0xd0 [ 1249.627074][ C1] preempt_schedule+0xe1/0xf0 [ 1249.631742][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1249.637124][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1249.643094][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1249.649418][ C1] preempt_schedule_thunk+0x1a/0x30 [ 1249.654606][ C1] _raw_spin_unlock_irqrestore+0x130/0x140 [ 1249.660406][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1249.666725][ C1] __wake_up_common_lock+0x18c/0x1e0 [ 1249.672000][ C1] sock_def_readable+0x20f/0x5b0 [ 1249.676924][ C1] ? sock_def_readable+0xd7/0x5b0 [ 1249.681933][ C1] unix_dgram_sendmsg+0x1493/0x1f80 [ 1249.687128][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 1249.692656][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 1249.697598][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1249.702869][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 1249.708315][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 1249.713843][ C1] __sock_sendmsg+0x221/0x270 [ 1249.718507][ C1] sock_write_iter+0x2dd/0x400 [ 1249.723256][ C1] ? __pfx_sock_write_iter+0x10/0x10 [ 1249.728531][ C1] ? __pfx_aa_sk_perm+0x10/0x10 [ 1249.733366][ C1] do_iter_readv_writev+0x60a/0x890 [ 1249.738582][ C1] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1249.744305][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 1249.749676][ C1] ? security_file_permission+0x7f/0xa0 [ 1249.755227][ C1] ? rw_verify_area+0x1d2/0x6b0 [ 1249.760072][ C1] vfs_writev+0x37c/0xbb0 [ 1249.764395][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 1249.769756][ C1] ? security_file_permission+0x7f/0xa0 [ 1249.775297][ C1] ? __pfx_vfs_writev+0x10/0x10 [ 1249.780153][ C1] ? vfs_read+0x65f/0xbc0 [ 1249.784477][ C1] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 1249.790527][ C1] do_writev+0x1b1/0x350 [ 1249.794757][ C1] ? __pfx_do_writev+0x10/0x10 [ 1249.799510][ C1] ? do_syscall_64+0x100/0x230 [ 1249.804259][ C1] ? do_syscall_64+0xb6/0x230 [ 1249.808936][ C1] do_syscall_64+0xf3/0x230 [ 1249.813680][ C1] ? clear_bhb_loop+0x35/0x90 [ 1249.818351][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1249.824227][ C1] RIP: 0033:0x7fac49319e03 [ 1249.828623][ C1] RSP: 002b:00007fff2b8507a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1249.837042][ C1] RAX: ffffffffffffffda RBX: 00007fff2b870c08 RCX: 00007fac49319e03 [ 1249.845035][ C1] RDX: 0000000000000005 RSI: 00007fff2b8507c0 RDI: 000000000000000c [ 1249.853000][ C1] RBP: 00007fff2b870c08 R08: 000000000000000c R09: 00007fff2b850800 [ 1249.860957][ C1] R10: 00007fff2b850808 R11: 0000000000000246 R12: 000055e29205ce30 [ 1249.868928][ C1] R13: 00007fff2b860a48 R14: 0000000000000148 R15: 0000000000000004 [ 1249.876906][ C1] [ 1249.879930][ C1] task:syz.1.2387 state:R running task stack:25968 pid:19459 tgid:19458 ppid:18329 flags:0x00004004 [ 1249.891668][ C1] Call Trace: [ 1249.894934][ C1] [ 1249.897873][ C1] __schedule+0x1800/0x4a60 [ 1249.902382][ C1] ? __pfx___schedule+0x10/0x10 [ 1249.907226][ C1] ? mark_lock+0x9a/0x350 [ 1249.911550][ C1] ? preempt_schedule+0xe1/0xf0 [ 1249.916383][ C1] preempt_schedule_common+0x84/0xd0 [ 1249.921651][ C1] preempt_schedule+0xe1/0xf0 [ 1249.927523][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1249.932874][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1249.938773][ C1] preempt_schedule_thunk+0x1a/0x30 [ 1249.943989][ C1] _raw_spin_unlock+0x3e/0x50 [ 1249.948658][ C1] unmap_page_range+0x3818/0x42c0 [ 1249.953794][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 1249.959178][ C1] ? mas_next_slot+0xeab/0xf90 [ 1249.963932][ C1] ? uprobe_munmap+0x183/0x460 [ 1249.968698][ C1] ? unmap_single_vma+0x1bd/0x2b0 [ 1249.973714][ C1] unmap_vmas+0x3cc/0x5f0 [ 1249.978048][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 1249.982887][ C1] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 1249.988336][ C1] exit_mmap+0x264/0xc80 [ 1249.992561][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1249.997303][ C1] ? __asan_memset+0x23/0x50 [ 1250.001887][ C1] ? uprobe_clear_state+0x277/0x290 [ 1250.007068][ C1] ? mm_update_next_owner+0xa4/0x810 [ 1250.012336][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1250.017519][ C1] __mmput+0x115/0x390 [ 1250.021578][ C1] exit_mm+0x220/0x310 [ 1250.025634][ C1] ? __pfx_exit_mm+0x10/0x10 [ 1250.030205][ C1] ? taskstats_exit+0x326/0xa60 [ 1250.035049][ C1] do_exit+0x9b2/0x27f0 [ 1250.039204][ C1] ? __pfx_do_exit+0x10/0x10 [ 1250.043791][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1250.049157][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1250.055129][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1250.061469][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 1250.066574][ C1] do_group_exit+0x207/0x2c0 [ 1250.071146][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1250.076329][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1250.081509][ C1] get_signal+0x16a1/0x1740 [ 1250.086013][ C1] ? __pfx_get_signal+0x10/0x10 [ 1250.090852][ C1] arch_do_signal_or_restart+0x96/0x860 [ 1250.096386][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1250.102541][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1250.108518][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1250.114224][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 1250.119751][ C1] do_syscall_64+0x100/0x230 [ 1250.124325][ C1] ? clear_bhb_loop+0x35/0x90 [ 1250.128985][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.134863][ C1] RIP: 0033:0x7feef6b7def9 [ 1250.139281][ C1] RSP: 002b:00007feef7a3b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1250.147686][ C1] RAX: 0000000000000000 RBX: 00007feef6d35f88 RCX: 00007feef6b7def9 [ 1250.155668][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007feef6d35f88 [ 1250.163625][ C1] RBP: 00007feef6d35f80 R08: 0000000000000000 R09: 0000000000000000 [ 1250.171578][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007feef6d35f8c [ 1250.179967][ C1] R13: 0000000000000000 R14: 00007feef6e5f940 R15: 00007feef6e5fa28 [ 1250.187958][ C1] [ 1250.190971][ C1] task:syz.0.2379 state:R running task stack:24432 pid:19435 tgid:19434 ppid:18136 flags:0x00004002 [ 1250.202687][ C1] Call Trace: [ 1250.205954][ C1] [ 1250.208872][ C1] __schedule+0x1800/0x4a60 [ 1250.213376][ C1] ? __pfx___schedule+0x10/0x10 [ 1250.218216][ C1] ? mark_lock+0x9a/0x350 [ 1250.222542][ C1] ? preempt_schedule+0xe1/0xf0 [ 1250.227373][ C1] preempt_schedule_common+0x84/0xd0 [ 1250.232637][ C1] preempt_schedule+0xe1/0xf0 [ 1250.237317][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1250.242667][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1250.248557][ C1] preempt_schedule_thunk+0x1a/0x30 [ 1250.253752][ C1] _raw_spin_unlock+0x3e/0x50 [ 1250.258428][ C1] unmap_page_range+0x3818/0x42c0 [ 1250.263453][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 1250.268815][ C1] ? mas_next_slot+0xeab/0xf90 [ 1250.273573][ C1] ? uprobe_munmap+0x183/0x460 [ 1250.278322][ C1] ? unmap_single_vma+0x1bd/0x2b0 [ 1250.283332][ C1] unmap_vmas+0x3cc/0x5f0 [ 1250.287650][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 1250.292491][ C1] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 1250.297933][ C1] exit_mmap+0x264/0xc80 [ 1250.302162][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1250.306907][ C1] ? __asan_memset+0x23/0x50 [ 1250.311495][ C1] ? uprobe_clear_state+0x277/0x290 [ 1250.316673][ C1] ? mm_update_next_owner+0xa4/0x810 [ 1250.321960][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1250.327155][ C1] __mmput+0x115/0x390 [ 1250.331210][ C1] exit_mm+0x220/0x310 [ 1250.335261][ C1] ? __pfx_exit_mm+0x10/0x10 [ 1250.339832][ C1] ? taskstats_exit+0x326/0xa60 [ 1250.344668][ C1] do_exit+0x9b2/0x27f0 [ 1250.348809][ C1] ? __pfx_do_exit+0x10/0x10 [ 1250.353385][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1250.359357][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1250.365669][ C1] ? cgroup_freezing+0x2a8/0x350 [ 1250.370615][ C1] do_group_exit+0x207/0x2c0 [ 1250.375186][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1250.380392][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1250.385574][ C1] get_signal+0x16a1/0x1740 [ 1250.390068][ C1] ? __pfx_get_signal+0x10/0x10 [ 1250.394898][ C1] ? __pfx_task_work_add+0x10/0x10 [ 1250.399993][ C1] arch_do_signal_or_restart+0x96/0x860 [ 1250.405525][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1250.411659][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1250.417629][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1250.423348][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 1250.428878][ C1] do_syscall_64+0x100/0x230 [ 1250.433449][ C1] ? clear_bhb_loop+0x35/0x90 [ 1250.438107][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.443992][ C1] RIP: 0033:0x7fedcab7def9 [ 1250.448389][ C1] RSP: 002b:00007fedcb957038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1250.456783][ C1] RAX: fffffffffffffe00 RBX: 00007fedcad35f80 RCX: 00007fedcab7def9 [ 1250.464754][ C1] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000007 [ 1250.472716][ C1] RBP: 00007fedcabf0b76 R08: 00000000200002c0 R09: 0000000000000000 [ 1250.480679][ C1] R10: 0000000020000280 R11: 0000000000000246 R12: 0000000000000000 [ 1250.488636][ C1] R13: 0000000000000000 R14: 00007fedcad35f80 R15: 00007fedcae5fa28 [ 1250.496601][ C1] [ 1250.499603][ C1] task:dhcpcd state:R running task stack:23632 pid:4899 tgid:4899 ppid:1 flags:0x00004002 [ 1250.511323][ C1] Call Trace: [ 1250.514600][ C1] [ 1250.517530][ C1] __schedule+0x1800/0x4a60 [ 1250.522063][ C1] ? __pfx___schedule+0x10/0x10 [ 1250.526896][ C1] ? ttwu_do_activate+0x200/0x7e0 [ 1250.531909][ C1] ? preempt_schedule+0xe1/0xf0 [ 1250.536760][ C1] preempt_schedule_common+0x84/0xd0 [ 1250.542051][ C1] preempt_schedule+0xe1/0xf0 [ 1250.546775][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 1250.552133][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1250.558096][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1250.564410][ C1] preempt_schedule_thunk+0x1a/0x30 [ 1250.569590][ C1] _raw_spin_unlock_irqrestore+0x130/0x140 [ 1250.575380][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1250.581695][ C1] __wake_up_common_lock+0x18c/0x1e0 [ 1250.587093][ C1] sock_def_readable+0x20f/0x5b0 [ 1250.592025][ C1] ? sock_def_readable+0xd7/0x5b0 [ 1250.597043][ C1] unix_dgram_sendmsg+0x1493/0x1f80 [ 1250.602233][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 1250.607757][ C1] ? aa_sock_msg_perm+0x91/0x160 [ 1250.612672][ C1] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1250.617965][ C1] ? security_socket_sendmsg+0x87/0xb0 [ 1250.623406][ C1] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 1250.628926][ C1] __sock_sendmsg+0x221/0x270 [ 1250.633768][ C1] sock_write_iter+0x2dd/0x400 [ 1250.638610][ C1] ? __pfx_sock_write_iter+0x10/0x10 [ 1250.643886][ C1] do_iter_readv_writev+0x60a/0x890 [ 1250.649069][ C1] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1250.654775][ C1] ? bpf_lsm_file_permission+0x9/0x10 [ 1250.660154][ C1] ? security_file_permission+0x7f/0xa0 [ 1250.665711][ C1] ? rw_verify_area+0x1d2/0x6b0 [ 1250.670545][ C1] vfs_writev+0x37c/0xbb0 [ 1250.674862][ C1] ? __seccomp_filter+0x4fe/0x1fe0 [ 1250.679993][ C1] ? __pfx_vfs_writev+0x10/0x10 [ 1250.684835][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1250.689928][ C1] do_writev+0x1b1/0x350 [ 1250.694163][ C1] ? __pfx_do_writev+0x10/0x10 [ 1250.698921][ C1] ? __secure_computing+0x125/0x370 [ 1250.704127][ C1] do_syscall_64+0xf3/0x230 [ 1250.708609][ C1] ? clear_bhb_loop+0x35/0x90 [ 1250.713270][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1250.719141][ C1] RIP: 0033:0x7fac49319e03 [ 1250.723532][ C1] RSP: 002b:00007fff2b8708c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1250.731942][ C1] RAX: ffffffffffffffda RBX: 00007fff2b870c08 RCX: 00007fac49319e03 [ 1250.739894][ C1] RDX: 0000000000000005 RSI: 00007fff2b8708e0 RDI: 000000000000000a [ 1250.747841][ C1] RBP: 0000000000004801 R08: 000000000000000a R09: 00007fff2b870920 [ 1250.755804][ C1] R10: 00007fff2b870928 R11: 0000000000000246 R12: 000055e292038c00 [ 1250.763752][ C1] R13: 000055e276125f88 R14: 00000000ffffffff R15: 000055e2925e4a10 [ 1250.771712][ C1] [ 1250.774724][ C1] task:syz.2.2385 state:R running task stack:25744 pid:19453 tgid:19453 ppid:19110 flags:0x00004006 [ 1250.786443][ C1] Call Trace: [ 1250.789700][ C1] [ 1250.792636][ C1] __schedule+0x1800/0x4a60 [ 1250.797165][ C1] ? kasan_addr_to_slab+0x51/0x80 [ 1250.802189][ C1] ? __pfx___schedule+0x10/0x10 [ 1250.807035][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1250.813019][ C1] ? __lock_acquire+0x137a/0x2040 [ 1250.818048][ C1] ? preempt_schedule_irq+0xf0/0x1c0 [ 1250.823327][ C1] preempt_schedule_irq+0xfb/0x1c0 [ 1250.828425][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 1250.834136][ C1] irqentry_exit+0x5e/0x90 [ 1250.838535][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1250.844497][ C1] RIP: 0010:rcu_is_watching+0x67/0xb0 [ 1250.849871][ C1] Code: 89 f7 e8 ac 11 81 00 48 c7 c3 78 7c 03 00 49 03 1e 48 89 d8 48 c1 e8 03 42 0f b6 04 38 84 c0 75 22 8b 03 65 ff 0d c1 13 8a 7e <74> 10 83 e0 04 c1 e8 02 5b 41 5e 41 5f c3 cc cc cc cc e8 22 f3 86 [ 1250.869473][ C1] RSP: 0018:ffffc9000427f980 EFLAGS: 00000286 [ 1250.875521][ C1] RAX: 00000000004d6cc4 RBX: ffff8880b8837c78 RCX: ffff88802f7a1e00 [ 1250.883472][ C1] RDX: ffff88802f7a1e00 RSI: ffffffff8c608f20 RDI: ffffffff8c608ee0 [ 1250.891420][ C1] RBP: 0000000000000001 R08: ffffffff81b61230 R09: 1ffffffff283c908 [ 1250.899369][ C1] R10: dffffc0000000000 R11: fffffbfff283c909 R12: 1ffff110052340a9 [ 1250.907325][ C1] R13: ffff8880291a0000 R14: ffffffff8e29fa50 R15: dffffc0000000000 [ 1250.915282][ C1] ? bpf_task_storage_free+0x170/0x2a0 [ 1250.920838][ C1] ? bpf_task_storage_free+0x1c/0x2a0 [ 1250.926291][ C1] bpf_task_storage_free+0x179/0x2a0 [ 1250.931567][ C1] security_task_free+0x48/0xc0 [ 1250.936407][ C1] copy_process+0x29e8/0x3dc0 [ 1250.941080][ C1] ? copy_process+0xa03/0x3dc0 [ 1250.945835][ C1] ? __pfx_copy_process+0x10/0x10 [ 1250.950851][ C1] ? __might_fault+0xc6/0x120 [ 1250.955946][ C1] ? __asan_memset+0x23/0x50 [ 1250.960523][ C1] kernel_clone+0x226/0x8f0 [ 1250.965012][ C1] ? __pfx_kernel_clone+0x10/0x10 [ 1250.970026][ C1] __se_sys_clone3+0x2cb/0x350 [ 1250.974788][ C1] ? __pfx___se_sys_clone3+0x10/0x10 [ 1250.980070][ C1] ? do_syscall_64+0x100/0x230 [ 1250.984813][ C1] ? do_syscall_64+0xb6/0x230 [ 1250.989469][ C1] do_syscall_64+0xf3/0x230 [ 1250.993949][ C1] ? clear_bhb_loop+0x35/0x90 [ 1250.998607][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1251.004488][ C1] RIP: 0033:0x7f4174db1f29 [ 1251.008882][ C1] RSP: 002b:00007f417505f8f8 EFLAGS: 00000202 ORIG_RAX: 00000000000001b3 [ 1251.017287][ C1] RAX: ffffffffffffffda RBX: 00007f4174d34870 RCX: 00007f4174db1f29 [ 1251.025237][ C1] RDX: 00007f4174d34870 RSI: 0000000000000058 RDI: 00007f417505f940 [ 1251.033191][ C1] RBP: 00007f4175bb26c0 R08: 00007f4175bb26c0 R09: 00007f417505fa27 [ 1251.041158][ C1] R10: 0000000000000008 R11: 0000000000000202 R12: ffffffffffffffa8 [ 1251.049108][ C1] R13: 000000000000006e R14: 00007f417505f940 R15: 00007f417505fa28 [ 1251.057075][ C1] [ 1251.060075][ C1] task:syz.3.2386 state:R running task stack:26288 pid:19456 tgid:19456 ppid:18833 flags:0x00004004 [ 1251.071796][ C1] Call Trace: [ 1251.075057][ C1] [ 1251.077970][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1251.083329][ C1] ? rcu_preempt_deferred_qs_irqrestore+0x262/0xc70 [ 1251.089901][ C1] ? __pfx___schedule+0x10/0x10 [ 1251.094732][ C1] ? lock_acquire+0x264/0x550 [ 1251.099395][ C1] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 1251.106314][ C1] ? rcu_is_watching+0x15/0xb0 [ 1251.111076][ C1] ? rcu_read_unlock_special+0x470/0x550 [ 1251.116688][ C1] ? __pfx_rcu_read_unlock_special+0x10/0x10 [ 1251.122645][ C1] ? __pfx_lock_release+0x10/0x10 [ 1251.127655][ C1] ? __rcu_read_unlock+0xa1/0x110 [ 1251.132672][ C1] ? unmap_page_range+0x38be/0x42c0 [ 1251.137889][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 1251.143261][ C1] ? mas_next_slot+0xeab/0xf90 [ 1251.148011][ C1] ? uprobe_munmap+0x183/0x460 [ 1251.152758][ C1] ? unmap_single_vma+0x1bd/0x2b0 [ 1251.157775][ C1] ? unmap_vmas+0x3cc/0x5f0 [ 1251.162266][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 1251.167110][ C1] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 1251.172553][ C1] ? exit_mmap+0x264/0xc80 [ 1251.176950][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 1251.181690][ C1] ? __asan_memset+0x23/0x50 [ 1251.186271][ C1] ? uprobe_clear_state+0x277/0x290 [ 1251.191444][ C1] ? mm_update_next_owner+0xa4/0x810 [ 1251.196711][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1251.201985][ C1] ? __mmput+0x115/0x390 [ 1251.206224][ C1] ? exit_mm+0x220/0x310 [ 1251.210462][ C1] ? __pfx_exit_mm+0x10/0x10 [ 1251.215029][ C1] ? taskstats_exit+0x326/0xa60 [ 1251.219869][ C1] ? do_exit+0x9b2/0x27f0 [ 1251.224179][ C1] ? __pfx_do_exit+0x10/0x10 [ 1251.228745][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1251.234113][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1251.240076][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1251.246380][ C1] ? _raw_spin_lock_irq+0xdf/0x120 [ 1251.251476][ C1] ? do_group_exit+0x207/0x2c0 [ 1251.256217][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1251.261396][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1251.266574][ C1] ? get_signal+0x16a1/0x1740 [ 1251.271238][ C1] ? __pfx_get_signal+0x10/0x10 [ 1251.276073][ C1] ? arch_do_signal_or_restart+0x96/0x860 [ 1251.281774][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1251.287926][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1251.294078][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 1251.299779][ C1] ? syscall_exit_to_user_mode+0xc9/0x370 [ 1251.305496][ C1] ? do_syscall_64+0x100/0x230 [ 1251.310240][ C1] ? clear_bhb_loop+0x35/0x90 [ 1251.314918][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1251.320976][ C1] [ 1251.323983][ C1] rcu: rcu_preempt kthread starved for 10460 jiffies! g200129 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1251.334406][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 1251.335250][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1251.341858][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1251.351811][ C1] rcu: RCU grace-period kthread stack dump: [ 1251.351820][ C1] task:rcu_preempt state:I stack:23544 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 1251.351860][ C1] Call Trace: [ 1251.351868][ C1] [ 1251.380366][ C1] __schedule+0x1800/0x4a60 [ 1251.384913][ C1] ? __pfx___schedule+0x10/0x10 [ 1251.389790][ C1] ? __pfx_lock_release+0x10/0x10 [ 1251.394827][ C1] ? __asan_memset+0x23/0x50 [ 1251.399452][ C1] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 1251.405294][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1251.411638][ C1] ? schedule+0x90/0x320 [ 1251.415893][ C1] schedule+0x14b/0x320 [ 1251.420065][ C1] schedule_timeout+0x1be/0x310 [ 1251.424944][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 1251.430354][ C1] ? __pfx_process_timeout+0x10/0x10 [ 1251.435678][ C1] ? prepare_to_swait_event+0x32e/0x350 [ 1251.441254][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 1251.446106][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 1251.451319][ C1] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 1251.457406][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1251.462690][ C1] ? finish_swait+0xd4/0x1e0 [ 1251.467274][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 1251.471856][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1251.477054][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1251.482946][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1251.487970][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1251.493163][ C1] kthread+0x2f0/0x390 [ 1251.497225][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1251.502412][ C1] ? __pfx_kthread+0x10/0x10 [ 1251.507010][ C1] ret_from_fork+0x4b/0x80 [ 1251.511418][ C1] ? __pfx_kthread+0x10/0x10 [ 1251.516007][ C1] ret_from_fork_asm+0x1a/0x30 [ 1251.520773][ C1] [ 1251.523781][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 1251.530089][ C1] Sending NMI from CPU 1 to CPUs 0: [ 1251.535294][ C0] NMI backtrace for cpu 0 [ 1251.535308][ C0] CPU: 0 UID: 0 PID: 2927 Comm: kworker/u8:9 Not tainted 6.11.0-rc7-syzkaller-00097-g196145c606d0 #0 [ 1251.535328][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1251.535339][ C0] Workqueue: events_unbound toggle_allocation_gate [ 1251.535364][ C0] RIP: 0010:smp_call_function_many_cond+0x1860/0x29d0 [ 1251.535384][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 39 18 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 e4 13 0c 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 c8 13 [ 1251.535398][ C0] RSP: 0018:ffffc90009ae7700 EFLAGS: 00000293 [ 1251.535412][ C0] RAX: ffffffff818778e8 RBX: 1ffff110171288f1 RCX: ffff888031248000 [ 1251.535425][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 1251.535436][ C0] RBP: ffffc90009ae78e0 R08: ffffffff818778b7 R09: 1ffffffff283c908 [ 1251.535449][ C0] R10: dffffc0000000000 R11: fffffbfff283c909 R12: dffffc0000000000 [ 1251.535461][ C0] R13: ffff8880b8944788 R14: ffff8880b883fb40 R15: 0000000000000001 [ 1251.535473][ C0] FS: 0000000000000000(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 1251.535487][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1251.535500][ C0] CR2: 00007f531c96d866 CR3: 000000000e734000 CR4: 00000000003506f0 [ 1251.535515][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1251.535525][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1251.535536][ C0] Call Trace: [ 1251.535543][ C0] [ 1251.535551][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1251.535571][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1251.535592][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1251.535611][ C0] ? nmi_handle+0x2a/0x5a0 [ 1251.535635][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1251.535653][ C0] ? nmi_handle+0x14f/0x5a0 [ 1251.535668][ C0] ? nmi_handle+0x2a/0x5a0 [ 1251.535685][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 1251.535702][ C0] ? default_do_nmi+0x63/0x160 [ 1251.535721][ C0] ? exc_nmi+0x123/0x1f0 [ 1251.535740][ C0] ? end_repeat_nmi+0xf/0x53 [ 1251.535762][ C0] ? smp_call_function_many_cond+0x1847/0x29d0 [ 1251.535778][ C0] ? smp_call_function_many_cond+0x1878/0x29d0 [ 1251.535796][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 1251.535814][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 1251.535832][ C0] ? smp_call_function_many_cond+0x1860/0x29d0 [ 1251.535850][ C0] [ 1251.535856][ C0] [ 1251.535864][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x790 [ 1251.535884][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1251.535901][ C0] ? kmem_cache_alloc_bulk_noprof+0x146/0x790 [ 1251.535927][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 1251.535945][ C0] ? __pfx___might_resched+0x10/0x10 [ 1251.535963][ C0] ? __mutex_trylock_common+0x183/0x2e0 [ 1251.535979][ C0] ? __pfx___might_resched+0x10/0x10 [ 1251.535999][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1251.536018][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 1251.536036][ C0] text_poke_bp_batch+0x352/0xb30 [ 1251.536061][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 1251.536079][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 1251.536099][ C0] ? arch_jump_label_transform_queue+0x9b/0x100 [ 1251.536129][ C0] text_poke_finish+0x30/0x50 [ 1251.536146][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 1251.536165][ C0] static_key_disable_cpuslocked+0xd2/0x1c0 [ 1251.536186][ C0] static_key_disable+0x1a/0x20 [ 1251.536205][ C0] toggle_allocation_gate+0x1b8/0x250 [ 1251.536226][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 1251.536247][ C0] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1251.536273][ C0] ? process_scheduled_works+0x945/0x1830 [ 1251.536292][ C0] process_scheduled_works+0xa2c/0x1830 [ 1251.536326][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 1251.536350][ C0] ? assign_work+0x364/0x3d0 [ 1251.536371][ C0] worker_thread+0x870/0xd30 [ 1251.536398][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1251.536419][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1251.536438][ C0] kthread+0x2f0/0x390 [ 1251.536452][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1251.536470][ C0] ? __pfx_kthread+0x10/0x10 [ 1251.536486][ C0] ret_from_fork+0x4b/0x80 [ 1251.536504][ C0] ? __pfx_kthread+0x10/0x10 [ 1251.536519][ C0] ret_from_fork_asm+0x1a/0x30 [ 1251.536546][ C0] [ 1251.959851][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 1251.976017][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 1251.995848][ T1168] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1253.614036][ T6220] usb 5-1: USB disconnect, device number 88