last executing test programs: 12.167870918s ago: executing program 2 (id=1053): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'wlan1\x00', 0x400}) ioctl$TUNSETPERSIST(0xffffffffffffffff, 0x400454cb, 0x1) socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x22, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32], 0x20}}, 0x0) 12.01017833s ago: executing program 2 (id=1054): bind$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000c40)={0x42, 0x0, 0x0, 0x2}, 0x10) recvfrom(0xffffffffffffffff, &(0x7f0000001a40)=""/4087, 0xff7, 0x400000e1, 0x0, 0x0) 11.819942728s ago: executing program 2 (id=1056): syz_usb_connect(0x0, 0x2d, 0x0, 0x0) 11.190775438s ago: executing program 2 (id=1060): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000180018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r2, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r2, &(0x7f000000e280)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000000100)={0x50, 0x0, r3}, 0x50) syz_fuse_handle_req(r2, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c7132fd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452802200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2c080000002744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c1789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2040000001a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a56faeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d30969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f0900fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a00", 0x2000, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x90, 0x0, 0x0, {0x4}}, 0x0, 0x0, 0x0, 0x0}) lremovexattr(&(0x7f0000000580)='./file0/../file0/file0\x00', 0x0) 10.963532932s ago: executing program 2 (id=1061): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}}, 0x5c) 10.543886104s ago: executing program 2 (id=1062): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x200000000000013f, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r0}, 0x10) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) 3.962689468s ago: executing program 3 (id=1099): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000080000000000000000000850000007d00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000001c0)='kfree\x00', r0}, 0x10) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$sock(r1, &(0x7f0000001d80)={0x0, 0x0, 0x0}, 0x0) 3.765973518s ago: executing program 3 (id=1103): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x35, 0x701, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000200)={0x53, 0x0, 0x6, 0x0, @scatter={0x6, 0x0, &(0x7f0000000780)=[{&(0x7f00000000c0)=""/180, 0xb4}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/85, 0x55}, {0x0}, {&(0x7f0000000540)=""/124, 0x7c}, {&(0x7f00000005c0)=""/192, 0xc0}]}, &(0x7f0000000180)="2e1cd343758c", 0x0, 0x7, 0x12, 0x0, 0x0}) r2 = memfd_create(&(0x7f00000008c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYSp\xa5\xfd\ny\xdfS\xdbU\xf80\xa88\tl\xb5b\x83\x97+o:\xfc\x83\x18\xe46\x8a\x029\x19\x8fjC\xce\xa7S\x81\xd5\xda\x84\xdf\xe3A_\x05XCk\x1d\x1cC\x97r\x93\xd6t\x81b\xc7x\xab\xa2\xf0\av\x88\x01\x92\xeaF\xa9!\xfc\x1c\xbf7q\xcf\xed&\x96\xa6\x1c_\xff\xb4\x00X\x1b\xedw\xc1', 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0xb, '\x00', r4, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="e7feeeb53d72", 0x6, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r7, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r6, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'wg2\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)) epoll_create(0x8) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000040)) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x20008004) recvmsg$kcm(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000940)=""/4106, 0x100a}, {&(0x7f00000003c0)=""/23, 0x17}], 0x2}, 0x0) r10 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000080), &(0x7f00000001c0)) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000019c0)=ANY=[@ANYBLOB="211b000000000000c204000098a301040000000001030000003b144a7e9af623ecaed79323ce4d61eb8796bad58dbec20400000000072800000000080709007f0000000000000006000000000000004000000000000000090000000000000007180006000004050000040000000000000006000000000000000401040367819b9859ad7b74f7bdd4e17d77a7aacb6b6674b2f194f573c8694b4f50396046a234f8b71aa579a084bcd359c3690632351d830a2c1571511192ee9c676e7f7b93173bdb491076e02a734fa693b8cc4c558d18eeac8c952d1934d528463b09152036ef111ce37a000000"], 0xe8) io_uring_enter(r10, 0x30c6, 0x0, 0x0, 0x0, 0x0) writev(r3, &(0x7f0000000440)=[{&(0x7f00000000c0)="e036bfe9f6080f3c8a4947f18279b10b307f3efdb5a3b3a7851038a2ef751e948ccfd28db727d49f1959ebbd81a7e52cb5e5afd7", 0x55}, {&(0x7f0000000280)="b3a5ae96edf445f20e24a5bffbb42edda7fb80f90a380fd19bc768466f18eebb24", 0x21}], 0x2) write(r2, &(0x7f0000002140)='i', 0x1) 3.427103863s ago: executing program 1 (id=1104): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'wlan1\x00', 0x400}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x22, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 2.091266031s ago: executing program 3 (id=1105): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x56a, 0x16, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9}}}]}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x550c, 0x0) 1.984372312s ago: executing program 1 (id=1107): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@getchain={0x34, 0x66, 0x3523ad93bb3d228b, 0x0, 0x0, {}, [{0x8}, {0x7}]}, 0x34}}, 0x0) 1.879603957s ago: executing program 4 (id=1108): fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x178, [], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000f8ffffff000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000f00c0000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000500000000000000080069"]}, 0x113) syz_emit_ethernet(0x29a, &(0x7f00000001c0)={@dev, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x264, 0x3a, 0x0, @dev, @dev, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xd, "7db4265c9f6aa3b46521199ea778d105c24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d98"}, {0x0, 0x8, "1598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d8181cf146261723484c54803466e8b"}, {0x0, 0x34, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b"}]}}}}}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 1.810183028s ago: executing program 1 (id=1109): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000002080)={0xc, {"a2e3ad21ed0d30f91b5d520987f70e06d038e7ff7fc6e5539b3271298b089b0708356e090890e0878f0e1ac6e7049b3350959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d075d1836cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5e3728ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5182cff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec6800068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 1.649146895s ago: executing program 4 (id=1110): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000240)={0xa, 0x0, 0x6, {0x0, 0x0, 0x3f}}) 1.467765227s ago: executing program 1 (id=1111): socket$vsock_stream(0x28, 0x1, 0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(0xffffffffffffffff, 0x40045532, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101}, 0x0, &(0x7f0000000080)={0x3ff, 0x0, 0xfffffffffffffffc}, 0x0, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 1.467601428s ago: executing program 4 (id=1112): socket$inet_udp(0x2, 0x2, 0x0) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETVESABLANK(r0, 0x4b48, &(0x7f0000000000)) 1.273402569s ago: executing program 4 (id=1113): syz_emit_vhci(&(0x7f0000000100)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x4}}, 0x9) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) 1.118510124s ago: executing program 4 (id=1114): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x35, 0x701, 0x0, 0x0, {0x8}}, 0x14}}, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000280), 0xffffffffffffffff) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000200)={0x53, 0x0, 0x6, 0x0, @scatter={0x6, 0x0, &(0x7f0000000780)=[{&(0x7f00000000c0)=""/180, 0xb4}, {&(0x7f00000009c0)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/85, 0x55}, {0x0}, {&(0x7f0000000540)=""/124, 0x7c}, {&(0x7f00000005c0)=""/192, 0xc0}]}, &(0x7f0000000180)="2e1cd343758c", 0x0, 0x7, 0x12, 0x0, 0x0}) r2 = memfd_create(&(0x7f00000008c0)='v\xa6\xf5lj6,r\xaf\xe8\x10/\xecg\xed\xe3h\x80\xb8!y6w\xda\xdd\xb9\nR\xe8@\x99\xb9\x8a\x0fZ\t\x90\x8bp\x10\x84\x86t\x8a\xba\xc6\xfb\xd2\f\xef&\xad\xa8M\xe8\b\xb0#\xac)\x81\x1e\x8a\f\x11D\x90\xf5\xbb\x1c\xac\xc7\xad\xdc\\\x11\x95\xf8\xe6\xa7\xc3\xbc\x18+\x92\x92N\a\xa7\x7fN\x9bL\xf8\xebQs\x02\xf9\xadi\x8f\x0f\xff\x02n\x9d\x85\xea\x1a*\x1bC\xd8\x1c\xe8\x9bYSp\xa5\xfd\ny\xdfS\xdbU\xf80\xa88\tl\xb5b\x83\x97+o:\xfc\x83\x18\xe46\x8a\x029\x19\x8fjC\xce\xa7S\x81\xd5\xda\x84\xdf\xe3A_\x05XCk\x1d\x1cC\x97r\x93\xd6t\x81b\xc7x\xab\xa2\xf0\av\x88\x01\x92\xeaF\xa9!\xfc\x1c\xbf7q\xcf\xed&\x96\xa6\x1c_\xff\xb4\x00X\x1b\xedw\xc1', 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x20301, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000380)=0x14) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0xb, '\x00', r4, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x90) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f0000000080)="e7feeeb53d72", 0x6, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_FRAME(r8, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r7, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r6, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001505050505050"], 0x448}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'wg2\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)) epoll_create(0x8) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000040)) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x20008004) recvmsg$kcm(r9, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000940)=""/4106, 0x100a}, {&(0x7f00000003c0)=""/23, 0x17}], 0x2}, 0x0) r10 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000080), &(0x7f00000001c0)) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000019c0)=ANY=[@ANYBLOB="211b000000000000c204000098a301040000000001030000003b144a7e9af623ecaed79323ce4d61eb8796bad58dbec20400000000072800000000080709007f0000000000000006000000000000004000000000000000090000000000000007180006000004050000040000000000000006000000000000000401040367819b9859ad7b74f7bdd4e17d77a7aacb6b6674b2f194f573c8694b4f50396046a234f8b71aa579a084bcd359c3690632351d830a2c1571511192ee9c676e7f7b93173bdb491076e02a734fa693b8cc4c558d18eeac8c952d1934d528463b09152036ef111ce37a000000"], 0xe8) io_uring_enter(r10, 0x30c6, 0x0, 0x0, 0x0, 0x0) writev(r3, &(0x7f0000000440)=[{&(0x7f00000000c0)="e036bfe9f6080f3c8a4947f18279b10b307f3efdb5a3b3a7851038a2ef751e948ccfd28db727d49f1959ebbd81a7e52cb5e5afd7", 0x55}, {&(0x7f0000000280)="b3a5ae96edf445f20e24a5bffbb42edda7fb80f90a380fd19bc768466f18eebb24", 0x21}], 0x2) write(r2, &(0x7f0000002140)='i', 0x1) 946.878861ms ago: executing program 0 (id=1115): capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0) r2 = dup2(r1, r0) ioctl$DRM_IOCTL_SET_MASTER(r2, 0x641e) 868.906924ms ago: executing program 0 (id=1116): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'wlan1\x00', 0x400}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x22, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) 639.234927ms ago: executing program 0 (id=1117): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = dup2(r0, r0) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x8008af26, &(0x7f0000000040)) 479.767771ms ago: executing program 0 (id=1118): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)=@getchain={0x34, 0x66, 0x3523ad93bb3d228b, 0x0, 0x0, {}, [{0x8}, {0x7}]}, 0x34}}, 0x0) 398.150429ms ago: executing program 0 (id=1119): fsetxattr$trusted_overlay_origin(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x1, 0x178, [], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000f8ffffff000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000f00c0000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000000500000000000000080069"]}, 0x113) syz_emit_ethernet(0x29a, &(0x7f00000001c0)={@dev, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x264, 0x3a, 0x0, @dev, @dev, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xd, "7db4265c9f6aa3b46521199ea778d105c24ab977edb940e63f49a7129f45462e5eecc39f468544e3c13aa9017ccd638e784912ef2c2589d0d45cf0ed4bbe909218459bcbeaf63697aef1702b895af582b2e3b5cd435f497d415f29c5d941df10c1ca58197441e0e9b3400d98"}, {0x0, 0x8, "1598a4a8a719ffe0621615f6d04dcae3360546cf06f2665bae2296931fd1d71c1f7e8f222b9ddc4e0bfb5e5c9a484353b785e79b4d8181cf146261723484c54803466e8b"}, {0x0, 0x34, "130c3818a2eaac43f1a6efc4f7772852ea05bff405aa28758ba53e0f2060e4e027f24bb723a5571d0da2ebeb3fe47f34e606cb3987e3681841f511126b773758e143f6be25d6965fcca35155fec3f970e2067f5db8a5de787eaf96b5957e6b988c02ae9fe26ec3118d9fdcca129d1269b290f687cde5b4eaba737c806335ca0d1e43697d144c6df4dc0d31e84004bc22e87b6e2daab5674479c76a1be360d309e7e7e5fa089032b331a3ceea18d92124681c0b78a0f1665ffcba0bee11950f6b4912bb302b3e648fad7ff4862ccc823e720fdb20af8ab0a6a09dfcdacf69923d60a0efeacf81e1e7e17db9547a4962bdec794c013af7210e54d43f3fe7da2f88c674f4cfd818f6a7461368bf62f1d5f98fd9394eb74bf0559f1c6b1ebec57dba007f143108ca4be3fa330cc21a411b0b7af23ebd9282be17fb702a5ca61650b283eec78e0280e4f2713b42bd4e3615c48c55c1abe5827601038109736f9c6b7242e7c9c917309397b864eedf5ca71db1debb609b6381b54955706017731319e0cc41083f99bd11da748b47d8715080899eb15caf19df36632b73bb22596b"}]}}}}}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 342.118867ms ago: executing program 3 (id=1120): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_io_uring_setup(0x24fa, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000000c0)=0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f00000002c0)=ANY=[@ANYRES32=r1, @ANYRESOCT], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 287.730478ms ago: executing program 1 (id=1121): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x2) ioctl$TIOCSTI(r0, 0x5437, 0x0) 183.803866ms ago: executing program 0 (id=1122): r0 = socket$kcm(0x10, 0x3, 0x10) syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES8=r0, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRESHEX=r0, @ANYRES64, @ANYRES16=r0, @ANYRES64=r0], 0x7) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRESDEC=r0], 0x2e) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04030b00c9020000000000000005"], 0xe) syz_emit_vhci(0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f0000000900)={&(0x7f00000000c0)={0xa, 0x4e24, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x4}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000290000003b0000000000000000000000280000000000000000000000000000000000000000000000000000000000000000000000000000009749a5a939ea1d1cd5858a9b7b688305338929259b4819d02a7112992b712bb16895b35be9ff8abda09215a5cb6ff40493997c6c30282aef7338d79122b8da4db86c32734896ea3afa4bed7fce6627d339c822e9dc7fbb94e8c97e25c60a3249efce3f9690b95241b92656477c9bda0bceaaffd12984b97605c9b202d0ed8d08122ba34c7dfb81ff0052141aab79e57f535756870a9dc8f484fa58dddc5697f82ebc7fdf27d81c643d233476fc67ea127e0ec6a2bc820c0a2700e8f1e8297c2ca20904044730d6c3"], 0xd}, 0x24008004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$ARCH_SHSTK_UNLOCK(0x6, r5, 0x2, 0x5004) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'veth1_to_batadv\x00'}) sendmmsg$unix(r4, &(0x7f0000000000), 0x0, 0x800) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) arch_prctl$ARCH_SHSTK_ENABLE(0x1011, 0x0) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) r6 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r6, 0x8982, &(0x7f0000000a40)={0x0, 'macsec0\x00'}) mmap$usbmon(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xe, 0x10, r1, 0x0) mknod$loop(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 144.823758ms ago: executing program 1 (id=1123): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0], 0xf4240}) 99.853478ms ago: executing program 3 (id=1124): r0 = socket(0x22, 0x2, 0x1) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, 0x0, 0x0) 92.905743ms ago: executing program 4 (id=1125): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x24000044, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = syz_io_uring_setup(0x5169, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x5e1, &(0x7f0000000600), &(0x7f0000000440)=0x0, &(0x7f0000000180)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0xb15, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000005740)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000400)='B', 0x100000}], 0x1}}], 0x1, 0x0) 0s ago: executing program 3 (id=1126): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x10b}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000040)={'wlan1\x00', 0x400}) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'rose0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x22, &(0x7f00000001c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r2], 0x20}}, 0x0) kernel console output (not intermixed with test programs): forwarding state [ 245.019475][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.026683][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.120909][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.140078][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.170609][ T7922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.202993][ T7922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.242585][ T7922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.257641][ T8084] FAULT_INJECTION: forcing a failure. [ 245.257641][ T8084] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.279804][ T7922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.298471][ T8084] CPU: 1 PID: 8084 Comm: syz.3.526 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 245.308145][ T8084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 245.318220][ T8084] Call Trace: [ 245.321526][ T8084] [ 245.324482][ T8084] dump_stack_lvl+0x241/0x360 [ 245.329283][ T8084] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.334508][ T8084] ? __pfx__printk+0x10/0x10 [ 245.339137][ T8084] ? snprintf+0xda/0x120 [ 245.343433][ T8084] should_fail_ex+0x3b0/0x4e0 [ 245.348335][ T8084] _copy_to_user+0x2f/0xb0 [ 245.352779][ T8084] simple_read_from_buffer+0xca/0x150 [ 245.358180][ T8084] proc_fail_nth_read+0x1e9/0x250 [ 245.363251][ T8084] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 245.368845][ T8084] ? rw_verify_area+0x520/0x6b0 [ 245.373843][ T8084] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 245.379419][ T8084] vfs_read+0x204/0xbc0 [ 245.383612][ T8084] ? __pfx_lock_release+0x10/0x10 [ 245.388667][ T8084] ? do_sock_setsockopt+0x3e2/0x720 [ 245.393895][ T8084] ? __pfx_vfs_read+0x10/0x10 [ 245.398596][ T8084] ? __fget_files+0x29/0x470 [ 245.403211][ T8084] ? __fget_files+0x3f6/0x470 [ 245.407930][ T8084] ksys_read+0x1a0/0x2c0 [ 245.412209][ T8084] ? __pfx_ksys_read+0x10/0x10 [ 245.417014][ T8084] ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0 [ 245.423378][ T8084] ? syscall_user_dispatch+0x4e/0x90 [ 245.428701][ T8084] do_syscall_64+0xf3/0x230 [ 245.433230][ T8084] ? clear_bhb_loop+0x35/0x90 [ 245.437933][ T8084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.443935][ T8084] RIP: 0033:0x7f2ca997457c [ 245.448372][ T8084] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 245.468002][ T8084] RSP: 002b:00007f2caa690040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 245.476449][ T8084] RAX: ffffffffffffffda RBX: 00007f2ca9b03f60 RCX: 00007f2ca997457c [ 245.484455][ T8084] RDX: 000000000000000f RSI: 00007f2caa6900b0 RDI: 0000000000000004 [ 245.492451][ T8084] RBP: 00007f2caa6900a0 R08: 0000000000000000 R09: 0000000000000000 [ 245.500452][ T8084] R10: 0000000020000a00 R11: 0000000000000246 R12: 0000000000000001 [ 245.508533][ T8084] R13: 000000000000000b R14: 00007f2ca9b03f60 R15: 00007f2ca9c2fa78 [ 245.516550][ T8084] [ 245.521170][ T7922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 245.533507][ T7922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.545198][ T7922] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.555996][ T7922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.573174][ T7922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.583630][ T7922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.594225][ T7922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.604580][ T7922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 245.622031][ T7922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 245.649133][ T7922] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.713606][ T7922] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.723702][ T7922] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.742594][ T7922] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.753252][ T7922] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 245.814808][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 245.837936][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 245.906390][ T7942] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 246.184647][ T7942] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.220726][ T2458] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.265537][ T2458] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.348447][ T9] usb 4-1: new low-speed USB device number 19 using dummy_hcd [ 246.356179][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 246.378088][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 246.486294][ T7942] veth0_vlan: entered promiscuous mode [ 246.556207][ T7942] veth1_vlan: entered promiscuous mode [ 246.586709][ T9] usb 4-1: config index 0 descriptor too short (expected 6427, got 27) [ 246.627024][ T9] usb 4-1: config 0 has an invalid interface number: 21 but max is 0 [ 246.670886][ T9] usb 4-1: config 0 has no interface number 0 [ 246.696910][ T9] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 246.727255][ T7942] veth0_macvtap: entered promiscuous mode [ 246.738104][ T9] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 246.773089][ T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 246.803963][ T7942] veth1_macvtap: entered promiscuous mode [ 246.834864][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.880828][ T9] usb 4-1: config 0 descriptor?? [ 246.925763][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 246.980569][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.012443][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.024346][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.047105][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.077868][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.094146][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 247.129444][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.153077][ T7942] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.215070][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.240593][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.258539][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.271309][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.302019][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.318022][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.336936][ T7942] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 247.387919][ T7942] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.408702][ T7942] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 247.443718][ T7942] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.467134][ T7942] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.493667][ T7942] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.512708][ T7942] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 247.567978][ T6170] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 247.739632][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.778080][ T6170] usb 3-1: Using ep0 maxpacket: 32 [ 247.806678][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.822562][ T6170] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 247.858514][ T6170] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 247.904617][ T6170] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 247.936166][ T6170] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 247.947729][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 247.956076][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 247.992282][ T6170] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 248.022147][ T6170] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 248.076392][ T6170] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 248.117824][ T6170] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.163090][ T6170] usb 3-1: Product: syz [ 248.177380][ T6170] usb 3-1: Manufacturer: syz [ 248.199760][ T6170] usb 3-1: SerialNumber: syz [ 248.241211][ T9] usb 4-1: USB disconnect, device number 19 [ 248.262461][ T8158] netlink: 'syz.1.536': attribute type 29 has an invalid length. [ 248.295755][ T8158] netlink: 'syz.1.536': attribute type 29 has an invalid length. [ 248.306284][ T8160] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.327000][ T8160] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.343034][ T8161] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.350770][ T8161] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.394796][ T8161] bridge0: port 2(bridge_slave_1) entered blocking state [ 248.402310][ T8161] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.410911][ T8161] bridge0: port 1(bridge_slave_0) entered blocking state [ 248.418151][ T8161] bridge0: port 1(bridge_slave_0) entered forwarding state [ 248.538442][ T6171] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 248.544935][ T8161] team0: Port device bridge0 added [ 248.584699][ T8158] netlink: 'syz.1.536': attribute type 29 has an invalid length. [ 248.602339][ T8164] bridge_slave_1: left allmulticast mode [ 248.602395][ T8164] bridge_slave_1: left promiscuous mode [ 248.602661][ T8164] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.690924][ T8164] bridge_slave_0: left allmulticast mode [ 248.710379][ T8164] bridge_slave_0: left promiscuous mode [ 248.716399][ T8164] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.724127][ T6171] usb 1-1: device descriptor read/64, error -71 [ 248.797706][ T8164] team0: Port device bridge0 removed [ 248.901318][ T5147] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 248.936667][ T8146] netlink: 8 bytes leftover after parsing attributes in process `syz.2.532'. [ 248.973962][ T6170] cdc_ncm 3-1:1.0: bind() failure [ 248.999473][ T6171] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 249.015966][ T6170] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 249.043909][ T6170] cdc_ncm 3-1:1.1: bind() failure [ 249.082512][ T6170] usb 3-1: USB disconnect, device number 19 [ 249.122193][ T5147] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 249.158647][ T5147] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 47, changing to 9 [ 249.187898][ T6171] usb 1-1: device descriptor read/64, error -71 [ 249.208672][ T5147] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 58219, setting to 1024 [ 249.240698][ T5147] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 249.271278][ T5147] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 249.294841][ T5147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.319110][ T6171] usb usb1-port1: attempt power cycle [ 249.328020][ T5147] usb 5-1: config 0 descriptor?? [ 249.744418][ T5147] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x1 [ 249.758103][ T6171] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 249.781211][ T5147] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 249.819107][ T6171] usb 1-1: device descriptor read/8, error -71 [ 249.857949][ T5147] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 249.933620][ T8176] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0 [ 250.088178][ T6171] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 250.131844][ T6171] usb 1-1: device descriptor read/8, error -71 [ 250.273112][ T6171] usb usb1-port1: unable to enumerate USB device [ 250.292024][ T2466] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.472553][ T8182] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.551294][ T2466] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.763043][ T2466] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 250.991343][ T2466] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.081780][ T8190] : renamed from bond0 (while UP) [ 251.109035][ T5106] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 251.119891][ T5106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 251.128676][ T5106] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 251.136626][ T5106] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 251.146942][ T5106] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 251.157948][ T5106] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 251.217898][ T6181] usb 5-1: reset high-speed USB device number 29 using dummy_hcd [ 251.355061][ T8202] process 'syz.0.550' launched './file0' with NULL argv: empty string added [ 251.418199][ T6181] usb 5-1: device descriptor read/64, error -32 [ 251.425957][ T29] kauditd_printk_skb: 33 callbacks suppressed [ 251.425975][ T29] audit: type=1326 audit(1721258073.846:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8188 comm="syz.3.548" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ca9975a99 code=0x0 [ 251.529706][ T2466] bridge_slave_1: left allmulticast mode [ 251.557343][ T2466] bridge_slave_1: left promiscuous mode [ 251.576982][ T2466] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.605681][ T2466] bridge_slave_0: left allmulticast mode [ 251.617857][ T2466] bridge_slave_0: left promiscuous mode [ 251.638557][ T2466] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.099252][ T8213] netlink: 4200 bytes leftover after parsing attributes in process `syz.3.554'. [ 252.292725][ T6181] usb 5-1: reset high-speed USB device number 29 using dummy_hcd [ 252.304780][ T6181] usb 5-1: device reset changed ep0 maxpacket size! [ 252.330009][ T5147] usb 5-1: USB disconnect, device number 29 [ 252.387171][ T2466] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.402542][ T2466] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.413534][ T2466] bond0 (unregistering): Released all slaves [ 252.500085][ T8220] FAULT_INJECTION: forcing a failure. [ 252.500085][ T8220] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 252.533409][ T8220] CPU: 0 PID: 8220 Comm: syz.1.556 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 252.543095][ T8220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 252.548296][ T5147] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 252.553146][ T8220] Call Trace: [ 252.553162][ T8220] [ 252.553171][ T8220] dump_stack_lvl+0x241/0x360 [ 252.553199][ T8220] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.577152][ T8220] ? __pfx__printk+0x10/0x10 [ 252.581772][ T8220] ? __pfx_lock_release+0x10/0x10 [ 252.586837][ T8220] should_fail_ex+0x3b0/0x4e0 [ 252.591544][ T8220] _copy_from_user+0x2f/0xe0 [ 252.596250][ T8220] copy_from_sockptr_offset+0x6b/0xb0 [ 252.601696][ T8220] do_ipt_set_ctl+0xbdd/0x1250 [ 252.606494][ T8220] ? __pfx___might_resched+0x10/0x10 [ 252.611814][ T8220] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 252.617043][ T8220] ? __pfx_lock_release+0x10/0x10 [ 252.622108][ T8220] ? __mutex_unlock_slowpath+0x21d/0x750 [ 252.627775][ T8220] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 252.633179][ T8220] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 252.639271][ T8220] ? module_put+0x13a/0x2d0 [ 252.643889][ T8220] nf_setsockopt+0x295/0x2c0 [ 252.648501][ T8220] dccp_setsockopt+0x17c/0x12c0 [ 252.653355][ T8220] ? __pfx_aa_sk_perm+0x10/0x10 [ 252.658200][ T8220] ? __pfx_dccp_setsockopt+0x10/0x10 [ 252.663475][ T8220] ? aa_sock_opt_perm+0x79/0x120 [ 252.668427][ T8220] ? sock_common_setsockopt+0x37/0xc0 [ 252.673796][ T8220] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 252.679692][ T8220] do_sock_setsockopt+0x3af/0x720 [ 252.684716][ T8220] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 252.690254][ T8220] ? __fget_files+0x29/0x470 [ 252.694837][ T8220] ? __fget_files+0x3f6/0x470 [ 252.699698][ T8220] __sys_setsockopt+0x1ae/0x250 [ 252.704550][ T8220] __x64_sys_setsockopt+0xb5/0xd0 [ 252.709586][ T8220] do_syscall_64+0xf3/0x230 [ 252.714207][ T8220] ? clear_bhb_loop+0x35/0x90 [ 252.718899][ T8220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.724815][ T8220] RIP: 0033:0x7f9368375a99 [ 252.729228][ T8220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.748841][ T8220] RSP: 002b:00007f9369090048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 252.757255][ T8220] RAX: ffffffffffffffda RBX: 00007f9368503f60 RCX: 00007f9368375a99 [ 252.765220][ T8220] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003 [ 252.773183][ T8220] RBP: 00007f93690900a0 R08: 0000000000000368 R09: 0000000000000000 [ 252.781142][ T8220] R10: 0000000020000c00 R11: 0000000000000246 R12: 0000000000000001 [ 252.789108][ T8220] R13: 000000000000000b R14: 00007f9368503f60 R15: 00007f936862fa78 [ 252.797147][ T8220] [ 252.922256][ T5147] usb 5-1: Using ep0 maxpacket: 32 [ 252.931925][ T5147] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 252.945859][ T5147] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 252.972949][ T5147] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 252.996451][ T5147] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 253.047860][ T5147] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 253.089082][ T5147] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 253.143884][ T5147] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 253.154298][ T5147] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.178328][ T5147] usb 5-1: Product: syz [ 253.182535][ T5147] usb 5-1: Manufacturer: syz [ 253.193765][ T8193] chnl_net:caif_netlink_parms(): no params data found [ 253.197817][ T5147] usb 5-1: SerialNumber: syz [ 253.268346][ T5106] Bluetooth: hci3: command tx timeout [ 253.388032][ T6171] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 253.405997][ T2466] hsr_slave_0: left promiscuous mode [ 253.415155][ T2466] hsr_slave_1: left promiscuous mode [ 253.428901][ T2466] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 253.436657][ T2466] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 253.455114][ T2466] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 253.462984][ T2466] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 253.503156][ T2466] veth1_macvtap: left promiscuous mode [ 253.510037][ T2466] veth0_macvtap: left promiscuous mode [ 253.516710][ T2466] veth1_vlan: left promiscuous mode [ 253.523236][ T2466] veth0_vlan: left promiscuous mode [ 253.578033][ T6171] usb 2-1: Using ep0 maxpacket: 16 [ 253.587359][ T6171] usb 2-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66 [ 253.638216][ T6171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.654109][ T6171] usb 2-1: config 0 descriptor?? [ 253.663535][ T6171] usb 2-1: invalid MIDI EP [ 253.663654][ T6171] usb 2-1: snd-bcd2000: error during probing [ 253.679881][ T6171] snd-bcd2000 2-1:0.0: probe with driver snd-bcd2000 failed with error -22 [ 254.061672][ T6181] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 254.273109][ T6181] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 254.302377][ T6181] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 47, changing to 9 [ 254.329160][ T6181] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 58219, setting to 1024 [ 254.338906][ T6171] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 254.342967][ T6181] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 254.391853][ T6181] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 254.407298][ T6181] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.448834][ T6181] usb 1-1: config 0 descriptor?? [ 254.548557][ T6171] usb 4-1: Using ep0 maxpacket: 16 [ 254.569595][ T6171] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 254.595006][ T6171] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 254.607282][ T2466] team0 (unregistering): Port device team_slave_1 removed [ 254.614781][ T6171] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.653963][ T6171] usb 4-1: config 0 descriptor?? [ 254.687243][ T2466] team0 (unregistering): Port device team_slave_0 removed [ 254.873097][ T6181] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x1 [ 254.886772][ T6181] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 254.905137][ T6181] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 255.106753][ T8262] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 255.123905][ T8262] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 255.149130][ T6171] hid (null): bogus close delimiter [ 255.163609][ T6171] hid (null): unknown global tag 0x83 [ 255.176049][ T6171] hid (null): unknown global tag 0xc [ 255.184841][ T6171] hid-generic 0003:0158:0100.0008: unknown main item tag 0x1 [ 255.193722][ T6171] hid-generic 0003:0158:0100.0008: unexpected long global item [ 255.202423][ T6171] hid-generic 0003:0158:0100.0008: probe with driver hid-generic failed with error -22 [ 255.320345][ T8245] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.328208][ T8245] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.347866][ T5106] Bluetooth: hci3: command tx timeout [ 255.360177][ T6177] usb 4-1: USB disconnect, device number 20 [ 255.372355][ T8245] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.379874][ T8245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 255.388934][ T8245] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.396122][ T8245] bridge0: port 1(bridge_slave_0) entered forwarding state [ 255.465930][ T8245] team0: Port device bridge0 added [ 255.472844][ T8251] netlink: 8 bytes leftover after parsing attributes in process `syz.4.552'. [ 255.484917][ T8255] bridge_slave_1: left allmulticast mode [ 255.499889][ T8255] bridge_slave_1: left promiscuous mode [ 255.506100][ T8255] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.516546][ T5147] cdc_ncm 5-1:1.0: bind() failure [ 255.533900][ T5147] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 255.535233][ T8255] bridge_slave_0: left allmulticast mode [ 255.541040][ T5147] cdc_ncm 5-1:1.1: bind() failure [ 255.552044][ T8255] bridge_slave_0: left promiscuous mode [ 255.563784][ T8255] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.576935][ T5147] usb 5-1: USB disconnect, device number 30 [ 255.632419][ T8255] team0: Port device bridge0 removed [ 255.743106][ T8193] bridge0: port 1(bridge_slave_0) entered blocking state [ 255.750900][ T8193] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.758457][ T8193] bridge_slave_0: entered allmulticast mode [ 255.765532][ T8193] bridge_slave_0: entered promiscuous mode [ 255.819037][ T8193] bridge0: port 2(bridge_slave_1) entered blocking state [ 255.826276][ T8193] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.840881][ T8193] bridge_slave_1: entered allmulticast mode [ 255.852432][ T8193] bridge_slave_1: entered promiscuous mode [ 255.894622][ T8193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 255.914364][ T8193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 256.012150][ T8193] team0: Port device team_slave_0 added [ 256.031032][ T8193] team0: Port device team_slave_1 added [ 256.076614][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.087986][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.186156][ T8269] input: syz0 as /devices/virtual/input/input12 [ 256.206205][ T8268] syzkaller0: entered allmulticast mode [ 256.255488][ T5147] usb 1-1: reset high-speed USB device number 16 using dummy_hcd [ 256.263989][ T8193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 256.290175][ T8193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.349749][ T8193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 256.373231][ T8193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 256.384890][ T8193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 256.394829][ T6177] usb 2-1: USB disconnect, device number 18 [ 256.434974][ T5147] usb 1-1: device descriptor read/64, error -32 [ 256.478797][ T8193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 256.548379][ T8267] syzkaller0: left allmulticast mode [ 256.654805][ T8274] loop0: detected capacity change from 0 to 7 [ 256.686885][ T8274] Dev loop0: unable to read RDB block 7 [ 256.695673][ T5101] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 256.702257][ T8274] loop0: unable to read partition table [ 256.711309][ T8274] loop0: partition table beyond EOD, truncated [ 256.721211][ T5147] usb 1-1: reset high-speed USB device number 16 using dummy_hcd [ 256.721544][ T8274] loop_reread_partitions: partition scan of loop0 (ώθ’«xόŸΡψ ιΪ¬§½dΖ€΄ΰ–ƒέ‘―¨β·ϋ [ 256.721544][ T8274] ) failed (rc=-5) [ 256.733380][ T5101] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 256.753116][ T5101] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 256.797141][ T5101] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 256.806900][ T5101] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 256.815803][ T5101] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 256.834782][ T8193] hsr_slave_0: entered promiscuous mode [ 256.858184][ T8193] hsr_slave_1: entered promiscuous mode [ 256.877185][ T8193] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 256.878206][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.3.569'. [ 256.894607][ T8193] Cannot create hsr debugfs directory [ 256.997510][ T2458] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.169197][ T6181] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 257.179722][ T2458] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.297181][ T2458] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.383251][ T6181] usb 2-1: Using ep0 maxpacket: 8 [ 257.395993][ T6181] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 257.409716][ T6181] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 257.420476][ T5101] Bluetooth: hci3: command tx timeout [ 257.423494][ T6181] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 257.435238][ T6181] usb 2-1: SerialNumber: syz [ 257.446377][ T6181] usb 2-1: config 0 descriptor?? [ 257.454580][ T6181] usb 2-1: Found UVC 0.00 device (05ac:8501) [ 257.463527][ T6181] usb 2-1: No valid video chain found. [ 257.540556][ T2458] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 257.580533][ T46] usb 1-1: USB disconnect, device number 16 [ 257.797916][ T6181] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 258.018142][ T6181] usb 4-1: Using ep0 maxpacket: 16 [ 258.026924][ T6181] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 258.064779][ T6181] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 258.099789][ T6181] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.135098][ T6181] usb 4-1: config 0 descriptor?? [ 258.179175][ T8284] chnl_net:caif_netlink_parms(): no params data found [ 258.572943][ T8307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.599579][ T8307] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.624331][ T6181] hid (null): invalid report_size 24940 [ 258.655580][ T6181] hid (null): unknown global tag 0x83 [ 258.661797][ T6181] hid (null): unknown global tag 0xc [ 258.682229][ T6181] hid-generic 0003:0158:0100.0009: unknown main item tag 0x1 [ 258.703434][ T6181] hid-generic 0003:0158:0100.0009: unexpected long global item [ 258.715096][ T6181] hid-generic 0003:0158:0100.0009: probe with driver hid-generic failed with error -22 [ 258.837163][ T6177] usb 4-1: USB disconnect, device number 21 [ 258.947941][ T5101] Bluetooth: hci1: command tx timeout [ 259.090653][ T2458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 259.125525][ T2458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 259.166457][ T2458] bond0 (unregistering): Released all slaves [ 259.209009][ T8321] netlink: 'syz.1.571': attribute type 8 has an invalid length. [ 259.428421][ T8321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 259.439499][ T8321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 259.501967][ T5101] Bluetooth: hci3: command tx timeout [ 259.732760][ T8284] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.776387][ T8284] bridge0: port 1(bridge_slave_0) entered disabled state [ 259.808225][ T8284] bridge_slave_0: entered allmulticast mode [ 259.826338][ T8284] bridge_slave_0: entered promiscuous mode [ 259.852122][ T8284] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.872771][ T8284] bridge0: port 2(bridge_slave_1) entered disabled state [ 259.895608][ T8284] bridge_slave_1: entered allmulticast mode [ 259.921609][ T8284] bridge_slave_1: entered promiscuous mode [ 260.005383][ T2458] hsr_slave_0: left promiscuous mode [ 260.072144][ T2458] hsr_slave_1: left promiscuous mode [ 260.139141][ T2458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 260.153486][ T2458] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 260.185051][ T2458] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 260.204658][ T2458] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 260.257475][ T2458] veth1_macvtap: left promiscuous mode [ 260.275033][ T2458] veth0_macvtap: left promiscuous mode [ 260.287245][ T2458] veth1_vlan: left promiscuous mode [ 260.303180][ T2458] veth0_vlan: left promiscuous mode [ 260.633329][ T5151] usb 2-1: USB disconnect, device number 19 [ 261.027906][ T5101] Bluetooth: hci1: command tx timeout [ 261.305067][ T2458] team0 (unregistering): Port device team_slave_1 removed [ 261.415020][ T2458] team0 (unregistering): Port device team_slave_0 removed [ 261.688076][ T5147] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 261.914404][ T5147] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 261.951987][ T5147] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 261.983562][ T5147] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 262.015826][ T5147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.052073][ T5147] usb 2-1: config 0 descriptor?? [ 262.511936][ T5147] hid-led 0003:1D34:000A.000A: unknown main item tag 0x0 [ 263.098609][ T5101] Bluetooth: hci1: command tx timeout [ 263.255293][ T8193] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 263.368250][ T8193] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 263.397518][ T8193] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 263.440650][ T8284] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 263.453030][ T8193] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 263.499395][ T8284] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 263.687611][ T8284] team0: Port device team_slave_0 added [ 263.701624][ T8284] team0: Port device team_slave_1 added [ 263.850421][ T8284] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 263.877483][ T8284] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.903914][ T6181] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 263.915118][ T8284] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 263.945130][ T8284] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 263.952873][ T8284] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 263.982067][ T8284] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 264.088872][ T6181] usb 1-1: Using ep0 maxpacket: 8 [ 264.138692][ T6181] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 264.158439][ T6181] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.183452][ T6181] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.215032][ T8284] hsr_slave_0: entered promiscuous mode [ 264.221857][ T6181] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.237706][ T8284] hsr_slave_1: entered promiscuous mode [ 264.252082][ T6181] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.275795][ T8284] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 264.284771][ T8284] Cannot create hsr debugfs directory [ 264.290456][ T6181] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.313271][ T6181] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.344681][ T5147] hid-led 0003:1D34:000A.000A: probe with driver hid-led failed with error -71 [ 264.389296][ T5147] usb 2-1: USB disconnect, device number 20 [ 264.435243][ T8402] netlink: 40 bytes leftover after parsing attributes in process `syz.3.589'. [ 264.578441][ T6181] usb 1-1: GET_CAPABILITIES returned 0 [ 264.605774][ T6181] usbtmc 1-1:16.0: can't read capabilities [ 264.910467][ T8193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.017416][ T8193] 8021q: adding VLAN 0 to HW filter on device team0 [ 265.177943][ T5101] Bluetooth: hci1: command tx timeout [ 265.192280][ T6175] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.199507][ T6175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 265.266537][ T6181] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.273723][ T6181] bridge0: port 2(bridge_slave_1) entered forwarding state [ 265.429932][ T8422] FAULT_INJECTION: forcing a failure. [ 265.429932][ T8422] name failslab, interval 1, probability 0, space 0, times 0 [ 265.471961][ T8422] CPU: 0 PID: 8422 Comm: syz.1.592 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 265.481634][ T8422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 265.491717][ T8422] Call Trace: [ 265.495011][ T8422] [ 265.497959][ T8422] dump_stack_lvl+0x241/0x360 [ 265.502663][ T8422] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.507882][ T8422] ? __pfx__printk+0x10/0x10 [ 265.512488][ T8422] ? __pfx___might_resched+0x10/0x10 [ 265.517794][ T8422] should_fail_ex+0x3b0/0x4e0 [ 265.522493][ T8422] ? genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 265.528755][ T8422] should_failslab+0x9/0x20 [ 265.533270][ T8422] __kmalloc_noprof+0xd8/0x400 [ 265.538211][ T8422] genl_family_rcv_msg_attrs_parse+0xa3/0x290 [ 265.544279][ T8422] genl_rcv_msg+0x802/0xec0 [ 265.548777][ T8422] ? mark_lock+0x9a/0x350 [ 265.553104][ T8422] ? __pfx_genl_rcv_msg+0x10/0x10 [ 265.558141][ T8422] ? __pfx_lock_acquire+0x10/0x10 [ 265.563157][ T8422] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 265.568622][ T8422] ? __pfx_nl80211_set_wiphy+0x10/0x10 [ 265.574072][ T8422] ? __pfx_nl80211_post_doit+0x10/0x10 [ 265.579534][ T8422] ? __pfx___might_resched+0x10/0x10 [ 265.584819][ T8422] netlink_rcv_skb+0x1e3/0x430 [ 265.589590][ T8422] ? __pfx_genl_rcv_msg+0x10/0x10 [ 265.594612][ T8422] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 265.599909][ T8422] ? __netlink_deliver_tap+0x77e/0x7c0 [ 265.605378][ T8422] genl_rcv+0x28/0x40 [ 265.609355][ T8422] netlink_unicast+0x7f0/0x990 [ 265.614120][ T8422] ? __pfx_netlink_unicast+0x10/0x10 [ 265.619392][ T8422] ? __virt_addr_valid+0x183/0x530 [ 265.624500][ T8422] ? __check_object_size+0x49c/0x900 [ 265.629780][ T8422] ? bpf_lsm_netlink_send+0x9/0x10 [ 265.634886][ T8422] netlink_sendmsg+0x8e4/0xcb0 [ 265.639651][ T8422] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.644931][ T8422] ? __import_iovec+0x536/0x820 [ 265.649773][ T8422] ? aa_sock_msg_perm+0x91/0x160 [ 265.654710][ T8422] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 265.659986][ T8422] ? security_socket_sendmsg+0x87/0xb0 [ 265.665440][ T8422] ? __pfx_netlink_sendmsg+0x10/0x10 [ 265.670717][ T8422] __sock_sendmsg+0x221/0x270 [ 265.675473][ T8422] ____sys_sendmsg+0x525/0x7d0 [ 265.680244][ T8422] ? __pfx_____sys_sendmsg+0x10/0x10 [ 265.685635][ T8422] __sys_sendmsg+0x2b0/0x3a0 [ 265.690235][ T8422] ? __pfx___sys_sendmsg+0x10/0x10 [ 265.695337][ T8422] ? vfs_write+0x7c4/0xc90 [ 265.699799][ T8422] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 265.706129][ T8422] ? do_syscall_64+0x100/0x230 [ 265.710977][ T8422] ? do_syscall_64+0xb6/0x230 [ 265.715648][ T8422] do_syscall_64+0xf3/0x230 [ 265.720149][ T8422] ? clear_bhb_loop+0x35/0x90 [ 265.724828][ T8422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.730714][ T8422] RIP: 0033:0x7f9368375a99 [ 265.735129][ T8422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.754813][ T8422] RSP: 002b:00007f9369090048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 265.763243][ T8422] RAX: ffffffffffffffda RBX: 00007f9368503f60 RCX: 00007f9368375a99 [ 265.771224][ T8422] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 265.779205][ T8422] RBP: 00007f93690900a0 R08: 0000000000000000 R09: 0000000000000000 [ 265.787184][ T8422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.795151][ T8422] R13: 000000000000000b R14: 00007f9368503f60 R15: 00007f936862fa78 [ 265.803139][ T8422] [ 265.819393][ T5101] Bluetooth: hci2: command tx timeout [ 265.856362][ T8193] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 265.867133][ T8193] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 266.217123][ T8193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 266.446213][ T6181] usb 1-1: USB disconnect, device number 17 [ 266.482201][ T8284] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 266.515141][ T8284] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 266.529705][ T8284] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 266.555161][ T8193] veth0_vlan: entered promiscuous mode [ 266.605841][ T8284] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 266.682197][ T8193] veth1_vlan: entered promiscuous mode [ 266.858729][ T5106] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 266.867492][ T5106] Bluetooth: hci2: Injecting HCI hardware error event [ 266.876177][ T5101] Bluetooth: hci2: hardware error 0x00 [ 266.892363][ T8193] veth0_macvtap: entered promiscuous mode [ 266.989074][ T5147] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 267.071062][ T8193] veth1_macvtap: entered promiscuous mode [ 267.152945][ T8454] netlink: 44 bytes leftover after parsing attributes in process `syz.0.597'. [ 267.228447][ T8193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.250279][ T5147] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.279977][ T5147] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.299968][ T5147] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 267.318567][ T5147] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.339317][ T5147] usb 2-1: config 0 descriptor?? [ 267.368825][ T8193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.386313][ T8193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.405720][ T8193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.416221][ T8193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 267.455132][ T8193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.511912][ T8193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 267.536986][ T8284] 8021q: adding VLAN 0 to HW filter on device bond0 [ 267.586328][ T8193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.622287][ T8193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.660401][ T8193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.683814][ T8193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.695079][ T8193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 267.706622][ T8193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 267.723298][ T8193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 267.747596][ T8193] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.759790][ T8193] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.773401][ T8193] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.785929][ T5147] hid-led 0003:1D34:000A.000B: unknown main item tag 0x0 [ 267.797880][ T8193] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 267.832610][ T8284] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.848649][ T6181] usb 1-1: new low-speed USB device number 18 using dummy_hcd [ 267.946555][ T6184] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.953859][ T6184] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.962497][ T46] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 268.041131][ T6184] bridge0: port 2(bridge_slave_1) entered blocking state [ 268.048403][ T6184] bridge0: port 2(bridge_slave_1) entered forwarding state [ 268.075895][ T6181] usb 1-1: LPM exit latency is zeroed, disabling LPM. [ 268.104700][ T6181] usb 1-1: string descriptor 0 read error: -22 [ 268.122432][ T6181] usb 1-1: New USB device found, idVendor=1415, idProduct=0003, bcdDevice=65.5d [ 268.148635][ T6181] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.176797][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.194288][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.220637][ T6181] usb 1-1: config 0 descriptor?? [ 268.226774][ T46] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.249111][ T46] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 268.260608][ T46] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.273234][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.287511][ T46] usb 4-1: config 0 descriptor?? [ 268.454537][ T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 268.491728][ T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 268.710430][ T8284] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 269.018646][ T5101] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 269.094616][ T8284] veth0_vlan: entered promiscuous mode [ 269.172525][ T8284] veth1_vlan: entered promiscuous mode [ 269.320478][ T8284] veth0_macvtap: entered promiscuous mode [ 269.369936][ T5147] hid-led 0003:1D34:000A.000B: probe with driver hid-led failed with error -71 [ 269.389808][ T8284] veth1_macvtap: entered promiscuous mode [ 269.423121][ T5147] usb 2-1: USB disconnect, device number 21 [ 269.546402][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.576722][ T8465] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 269.595092][ T6181] dvb-usb: found a 'Sony PlayTV' in cold state, will try to load a firmware [ 269.614571][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.649861][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.664489][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.674858][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.686923][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.703721][ T6181] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 269.712930][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 269.730919][ T6181] dib0700: firmware download failed at 7 with -22 [ 269.750504][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.788348][ T6181] usb 1-1: USB disconnect, device number 18 [ 269.820782][ T8284] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 269.871976][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.936306][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 269.982527][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 269.995763][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.011041][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.025983][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.043843][ T8284] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 270.075128][ T8284] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 270.094360][ T8284] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 270.135378][ T8284] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.156398][ T8284] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.170578][ T8284] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.186377][ T8284] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 270.208517][ T8467] syz.3.598 (8467) used greatest stack depth: 16984 bytes left [ 270.224245][ T46] usbhid 4-1:0.0: can't add hid device: -71 [ 270.252418][ T46] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 270.331037][ T46] usb 4-1: USB disconnect, device number 22 [ 270.572788][ T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.639675][ T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.772916][ T2843] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 270.818362][ T2843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 270.864454][ T8524] netlink: 'syz.1.610': attribute type 29 has an invalid length. [ 270.889041][ T6182] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 270.904185][ T8524] netlink: 'syz.1.610': attribute type 29 has an invalid length. [ 270.944434][ T8524] netlink: 'syz.1.610': attribute type 29 has an invalid length. [ 271.120330][ T6182] usb 1-1: config 4 has an invalid interface number: 246 but max is 0 [ 271.176556][ T6182] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 271.193001][ T6182] usb 1-1: config 4 has no interface number 0 [ 271.223474][ T6182] usb 1-1: config 4 interface 246 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 271.259595][ T6182] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 271.281697][ T6182] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.364909][ T6182] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 271.513702][ T8557] netlink: 4 bytes leftover after parsing attributes in process `syz.1.618'. [ 271.552141][ T8558] netlink: 'syz.2.620': attribute type 12 has an invalid length. [ 271.571046][ T8515] x_tables: duplicate entry at hook 2 [ 271.604077][ T8558] netlink: 'syz.2.620': attribute type 11 has an invalid length. [ 271.648371][ T8558] netlink: 190580 bytes leftover after parsing attributes in process `syz.2.620'. [ 271.728947][ T5151] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 271.942055][ T5151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.998506][ T5151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 272.044377][ T5151] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 272.097638][ T5151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 272.141636][ T5151] usb 5-1: config 0 descriptor?? [ 272.461135][ T6182] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71 [ 272.517121][ T6182] stv0680 1-1:4.246: STV(e): camera ping failed!! [ 272.588456][ T6182] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 272.628207][ T6182] stv0680 1-1:4.246: last error: 0, command = 0x0 [ 272.660296][ T6182] usb 1-1: USB disconnect, device number 19 [ 272.892831][ T2458] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.076838][ T2458] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.291354][ T2458] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.362671][ T8601] netem: change failed [ 273.420053][ T8605] netlink: 24 bytes leftover after parsing attributes in process `syz.1.630'. [ 273.532491][ T2458] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.794715][ T5106] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 273.812198][ T5106] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 273.822618][ T5106] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 273.837928][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 273.847528][ T5106] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 273.855185][ T5106] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 273.935224][ T6175] usb 3-1: new low-speed USB device number 20 using dummy_hcd [ 274.092460][ T5151] usbhid 5-1:0.0: can't add hid device: -71 [ 274.163463][ T5151] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 274.212314][ T5151] usb 5-1: USB disconnect, device number 31 [ 274.229323][ T6175] usb 3-1: config index 0 descriptor too short (expected 6427, got 27) [ 274.268232][ T6175] usb 3-1: config 0 has an invalid interface number: 21 but max is 0 [ 274.276366][ T6175] usb 3-1: config 0 has no interface number 0 [ 274.326528][ T6175] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt [ 274.374361][ T6175] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 274.419179][ T6175] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 274.469094][ T6175] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.484934][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 274.517929][ T6175] usb 3-1: config 0 descriptor?? [ 274.630335][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 274.886419][ T6175] usb 3-1: USB disconnect, device number 20 [ 275.310776][ T2458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.336689][ T2458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 275.370933][ T2458] bond0 (unregistering): Released all slaves [ 275.414830][ T29] audit: type=1326 audit(1721258097.846:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.502272][ T29] audit: type=1326 audit(1721258097.846:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.613872][ T29] audit: type=1326 audit(1721258097.846:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.636070][ C0] vkms_vblank_simulate: vblank timer overrun [ 275.642976][ T5151] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 275.710219][ T29] audit: type=1326 audit(1721258097.846:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.778155][ T29] audit: type=1326 audit(1721258097.846:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.848396][ T5151] usb 4-1: Using ep0 maxpacket: 16 [ 275.854449][ T29] audit: type=1326 audit(1721258097.846:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.897552][ T5151] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 275.919827][ T5101] Bluetooth: hci2: command tx timeout [ 275.926643][ T5151] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 275.946167][ T29] audit: type=1326 audit(1721258097.846:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 275.982821][ T5151] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.019331][ T5151] usb 4-1: config 0 descriptor?? [ 276.027334][ T29] audit: type=1326 audit(1721258097.846:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 276.052337][ T29] audit: type=1326 audit(1721258097.856:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 276.076781][ T29] audit: type=1326 audit(1721258097.856:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8659 comm="syz.1.639" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9368375a99 code=0x7ffc0000 [ 276.189662][ T2458] hsr_slave_0: left promiscuous mode [ 276.206901][ T2458] hsr_slave_1: left promiscuous mode [ 276.224061][ T2458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 276.245923][ T2458] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 276.318738][ T2458] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 276.338291][ T2458] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 276.426517][ T2458] veth1_macvtap: left promiscuous mode [ 276.447395][ T2458] veth0_macvtap: left promiscuous mode [ 276.467280][ T2458] veth1_vlan: left promiscuous mode [ 276.486330][ T2458] veth0_vlan: left promiscuous mode [ 276.505579][ T8654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.535485][ T8654] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.598605][ T5151] hid (null): invalid report_size 24940 [ 276.623394][ T5151] hid (null): unknown global tag 0x83 [ 276.664549][ T5151] hid (null): unknown global tag 0xc [ 276.693887][ T5151] hid-generic 0003:0158:0100.000C: unknown main item tag 0x1 [ 276.726544][ T5151] hid-generic 0003:0158:0100.000C: unexpected long global item [ 276.774166][ T5151] hid-generic 0003:0158:0100.000C: probe with driver hid-generic failed with error -22 [ 276.836763][ T5151] usb 4-1: USB disconnect, device number 23 [ 276.947995][ T6177] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 277.099350][ T6181] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 277.168268][ T6177] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 277.221748][ T6177] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 277.248911][ T6171] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 277.295848][ T6177] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 277.316864][ T6181] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.363658][ T6181] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.396309][ T6177] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.396919][ T6181] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 277.426143][ T6181] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.443402][ T6181] usb 2-1: config 0 descriptor?? [ 277.500936][ T6171] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.553913][ T8709] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 277.632043][ T6171] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 277.661668][ T6171] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 277.746023][ T6171] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.820008][ T6171] usb 5-1: config 0 descriptor?? [ 277.942350][ T2458] team0 (unregistering): Port device team_slave_1 removed [ 277.969449][ T6170] usb 3-1: USB disconnect, device number 21 [ 277.979056][ T5101] Bluetooth: hci2: command tx timeout [ 278.230084][ T2458] team0 (unregistering): Port device team_slave_0 removed [ 279.454847][ T6181] usbhid 2-1:0.0: can't add hid device: -71 [ 279.484136][ T6181] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 279.529501][ T6171] usbhid 5-1:0.0: can't add hid device: -71 [ 279.535675][ T6171] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 279.543212][ T6181] usb 2-1: USB disconnect, device number 22 [ 279.582089][ T6171] usb 5-1: USB disconnect, device number 32 [ 279.865088][ T8620] chnl_net:caif_netlink_parms(): no params data found [ 280.058440][ T5101] Bluetooth: hci2: command tx timeout [ 280.087013][ T8755] netlink: 56 bytes leftover after parsing attributes in process `syz.1.654'. [ 280.186722][ T8620] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.205765][ T8620] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.216467][ T8620] bridge_slave_0: entered allmulticast mode [ 280.226766][ T8620] bridge_slave_0: entered promiscuous mode [ 280.261248][ T8620] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.277975][ T6171] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 280.280788][ T8620] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.293421][ T8620] bridge_slave_1: entered allmulticast mode [ 280.302608][ T8620] bridge_slave_1: entered promiscuous mode [ 280.351428][ T8620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 280.397470][ T8620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 280.467954][ T6171] usb 5-1: Using ep0 maxpacket: 32 [ 280.499551][ T6171] usb 5-1: New USB device found, idVendor=1d6f, idProduct=0010, bcdDevice= a.a7 [ 280.538552][ T6171] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 280.560564][ T8620] team0: Port device team_slave_0 added [ 280.562567][ T6171] usb 5-1: Product: syz [ 280.599962][ T8620] team0: Port device team_slave_1 added [ 280.609729][ T6171] usb 5-1: Manufacturer: syz [ 280.627076][ T6171] usb 5-1: SerialNumber: syz [ 280.655788][ T6171] usb 5-1: config 0 descriptor?? [ 280.675849][ T8777] Invalid logical block size (2560) [ 280.685272][ T6171] usb 5-1: bad CDC descriptors [ 280.692643][ T6171] cp210x 5-1:0.0: cp210x converter detected [ 280.736823][ T8620] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 280.766301][ T8620] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.822219][ T8620] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 280.865100][ T8620] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 280.887958][ T6170] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 280.902048][ T8620] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 280.969508][ T8620] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 280.981282][ T8791] netlink: 8 bytes leftover after parsing attributes in process `syz.1.663'. [ 280.991460][ T8753] netlink: 4 bytes leftover after parsing attributes in process `syz.4.653'. [ 281.080067][ T8791] netlink: 12 bytes leftover after parsing attributes in process `syz.1.663'. [ 281.099047][ T8791] netlink: 12 bytes leftover after parsing attributes in process `syz.1.663'. [ 281.119505][ T6171] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 281.127047][ T6171] cp210x 5-1:0.0: querying part number failed [ 281.139858][ T8791] geneve3: entered promiscuous mode [ 281.153173][ T6170] usb 4-1: Using ep0 maxpacket: 16 [ 281.168401][ T6170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 281.206749][ T6170] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 281.217714][ T6171] usb 5-1: cp210x converter now attached to ttyUSB0 [ 281.247797][ T6170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.270501][ T6171] usb 5-1: USB disconnect, device number 33 [ 281.286855][ T6170] usb 4-1: config 0 descriptor?? [ 281.298449][ T6171] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 281.331497][ T8620] hsr_slave_0: entered promiscuous mode [ 281.347480][ T6171] cp210x 5-1:0.0: device disconnected [ 281.371951][ T8620] hsr_slave_1: entered promiscuous mode [ 281.378119][ T6181] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 281.411497][ T8800] warning: `syz.1.664' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 281.610210][ T6181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.660300][ T6181] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 281.689066][ T6181] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 281.726649][ T6181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.733167][ T8774] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.755196][ T6181] usb 3-1: config 0 descriptor?? [ 281.785332][ T8774] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.813268][ T6170] hid (null): invalid report_size 24940 [ 281.848051][ T6170] hid (null): unknown global tag 0x83 [ 281.853912][ T6170] hid (null): unknown global tag 0xc [ 281.883900][ T6170] hid-generic 0003:0158:0100.000D: unknown main item tag 0x1 [ 281.917951][ T6170] hid-generic 0003:0158:0100.000D: unexpected long global item [ 281.944729][ T6170] hid-generic 0003:0158:0100.000D: probe with driver hid-generic failed with error -22 [ 282.016037][ T6182] usb 4-1: USB disconnect, device number 24 [ 282.140985][ T5101] Bluetooth: hci2: command tx timeout [ 283.109742][ T8620] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 283.191153][ T8620] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 283.256564][ T8620] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 283.320804][ T8620] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 283.503170][ T5101] Bluetooth: hci4: Malformed LE Event: 0x0d [ 283.516285][ T8855] binder: 8853:8855 ioctl c0306201 0 returned -14 [ 283.662439][ T8620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.827240][ T6181] usbhid 3-1:0.0: can't add hid device: -71 [ 283.859152][ T6181] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 283.881596][ T8620] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.909743][ T6181] usb 3-1: USB disconnect, device number 22 [ 283.931662][ T8861] netlink: 52 bytes leftover after parsing attributes in process `syz.1.676'. [ 283.944127][ T6170] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.951454][ T6170] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.051315][ T6170] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.058520][ T6170] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.357099][ T8620] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.424421][ T8880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.682'. [ 284.488329][ T6177] IPVS: starting estimator thread 0... [ 284.598129][ T8891] IPVS: using max 21 ests per chain, 50400 per kthread [ 284.603366][ T8620] veth0_vlan: entered promiscuous mode [ 284.696101][ T8620] veth1_vlan: entered promiscuous mode [ 284.724635][ T8897] netlink: 8 bytes leftover after parsing attributes in process `syz.1.687'. [ 284.879881][ T8620] veth0_macvtap: entered promiscuous mode [ 284.894587][ T8620] veth1_macvtap: entered promiscuous mode [ 284.939043][ T6181] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 284.958564][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 284.997909][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.009422][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.020238][ T5101] Bluetooth: hci0: command tx timeout [ 285.026424][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.037183][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.082027][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.140140][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 285.162535][ T6181] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 285.174733][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.178681][ T6175] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 285.209607][ T8620] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 285.216137][ T6181] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 285.238512][ T6181] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 285.255231][ T6181] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.294509][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.295100][ T8896] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 285.337733][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.387958][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.431003][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.432121][ T6175] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.482526][ T6175] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 285.483987][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.522945][ T6175] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 285.527949][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.544625][ T8620] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 285.561823][ T8620] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 285.564179][ T5101] Bluetooth: hci4: Malformed LE Event: 0x0d [ 285.588104][ T6175] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.599780][ T6175] usb 5-1: config 0 descriptor?? [ 285.614569][ T6177] usb 3-1: USB disconnect, device number 23 [ 285.615914][ T8620] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 285.647911][ T8919] binder: 8918:8919 ioctl c0306201 0 returned -14 [ 285.720768][ T8620] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.738529][ T8620] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.753780][ T8620] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.802490][ T8620] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.048887][ T959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.148034][ T959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.248701][ T2843] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 286.321619][ T2843] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 286.927024][ T8938] FAULT_INJECTION: forcing a failure. [ 286.927024][ T8938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 286.945955][ T8936] netlink: 52 bytes leftover after parsing attributes in process `syz.1.694'. [ 286.962710][ T8938] CPU: 1 PID: 8938 Comm: syz.0.695 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 286.972356][ T8938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 286.982405][ T8938] Call Trace: [ 286.985693][ T8938] [ 286.988704][ T8938] dump_stack_lvl+0x241/0x360 [ 286.993379][ T8938] ? __pfx_dump_stack_lvl+0x10/0x10 [ 286.998574][ T8938] ? __pfx__printk+0x10/0x10 [ 287.003169][ T8938] ? snprintf+0xda/0x120 [ 287.007410][ T8938] should_fail_ex+0x3b0/0x4e0 [ 287.012085][ T8938] _copy_to_user+0x2f/0xb0 [ 287.016494][ T8938] simple_read_from_buffer+0xca/0x150 [ 287.021870][ T8938] proc_fail_nth_read+0x1e9/0x250 [ 287.026909][ T8938] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.032454][ T8938] ? rw_verify_area+0x520/0x6b0 [ 287.037294][ T8938] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 287.042831][ T8938] vfs_read+0x204/0xbc0 [ 287.047085][ T8938] ? __pfx_lock_release+0x10/0x10 [ 287.052115][ T8938] ? __pfx_vfs_read+0x10/0x10 [ 287.056783][ T8938] ? __fget_files+0x29/0x470 [ 287.061369][ T8938] ? __fget_files+0x3f6/0x470 [ 287.066094][ T8938] ksys_read+0x1a0/0x2c0 [ 287.070342][ T8938] ? __pfx_ksys_read+0x10/0x10 [ 287.075101][ T8938] ? do_syscall_64+0x100/0x230 [ 287.079857][ T8938] ? do_syscall_64+0xb6/0x230 [ 287.084522][ T8938] do_syscall_64+0xf3/0x230 [ 287.089014][ T8938] ? clear_bhb_loop+0x35/0x90 [ 287.093683][ T8938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.099564][ T8938] RIP: 0033:0x7f2a5937457c [ 287.103968][ T8938] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 287.123654][ T8938] RSP: 002b:00007f2a5a1ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 287.132063][ T8938] RAX: ffffffffffffffda RBX: 00007f2a59503f60 RCX: 00007f2a5937457c [ 287.140115][ T8938] RDX: 000000000000000f RSI: 00007f2a5a1ff0b0 RDI: 0000000000000004 [ 287.148073][ T8938] RBP: 00007f2a5a1ff0a0 R08: 0000000000000000 R09: 0000000000000000 [ 287.156029][ T8938] R10: 000000000400c878 R11: 0000000000000246 R12: 0000000000000002 [ 287.163985][ T8938] R13: 000000000000000b R14: 00007f2a59503f60 R15: 00007f2a5962fa78 [ 287.171953][ T8938] [ 287.741877][ T6175] usbhid 5-1:0.0: can't add hid device: -71 [ 287.768248][ T6175] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 287.804055][ T6175] usb 5-1: USB disconnect, device number 34 [ 288.412383][ T2458] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.431918][ T5101] Bluetooth: hci4: Malformed LE Event: 0x0d [ 288.441030][ T8981] binder: 8978:8981 ioctl c0306201 0 returned -14 [ 288.603589][ T2458] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.668097][ T6170] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 288.816488][ T2458] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 288.890164][ T6170] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 288.901893][ T8983] netlink: 52 bytes leftover after parsing attributes in process `syz.1.709'. [ 288.916823][ T6170] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 288.965205][ T6170] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 289.001207][ T6170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.055467][ T8980] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 289.064259][ T5106] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 289.075434][ T5106] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 289.080143][ T2458] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.104479][ T5106] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 289.119754][ T5106] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 289.127578][ T5106] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 289.135724][ T5106] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 289.363773][ T6170] usb 4-1: USB disconnect, device number 25 [ 289.684257][ T2458] bridge_slave_1: left allmulticast mode [ 289.698249][ T2458] bridge_slave_1: left promiscuous mode [ 289.704236][ T2458] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.734727][ T2458] bridge_slave_0: left allmulticast mode [ 289.756875][ T2458] bridge_slave_0: left promiscuous mode [ 289.792762][ T2458] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.993202][ T9019] netlink: 64 bytes leftover after parsing attributes in process `syz.4.720'. [ 290.300103][ T6170] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 290.537936][ T6170] usb 5-1: Using ep0 maxpacket: 32 [ 290.550492][ T6170] usb 5-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 290.572190][ T6170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.594144][ T6170] usb 5-1: config 0 descriptor?? [ 290.614388][ T6170] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 290.838873][ T2458] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 290.849000][ T6170] gspca_sunplus: reg_w_riv err -71 [ 290.866253][ T6170] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 290.875093][ T2458] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 290.899484][ T2458] bond0 (unregistering): Released all slaves [ 290.907990][ T5151] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 290.917275][ T6170] usb 5-1: USB disconnect, device number 35 [ 291.118553][ T5151] usb 2-1: Using ep0 maxpacket: 32 [ 291.141096][ T5151] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 38, changing to 9 [ 291.178372][ T5106] Bluetooth: hci3: command tx timeout [ 291.195834][ T5151] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 291.209994][ T5151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.248599][ T5151] hub 2-1:4.0: bad descriptor, ignoring hub [ 291.255466][ T5151] hub 2-1:4.0: probe with driver hub failed with error -5 [ 291.276937][ T5151] usbhid 2-1:4.0: couldn't find an input interrupt endpoint [ 291.399541][ T8998] chnl_net:caif_netlink_parms(): no params data found [ 291.707615][ T9033] netlink: 'syz.1.724': attribute type 10 has an invalid length. [ 291.776843][ T9033] : (slave syz_tun): Enslaving as an active interface with an up link [ 291.949574][ T6175] usb 2-1: USB disconnect, device number 23 [ 291.982543][ T2458] hsr_slave_0: left promiscuous mode [ 291.988936][ T2458] hsr_slave_1: left promiscuous mode [ 291.995230][ T2458] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 292.019890][ T2458] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 292.055513][ T2458] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 292.108022][ T2458] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 292.302059][ T2458] veth1_macvtap: left promiscuous mode [ 292.307661][ T2458] veth0_macvtap: left promiscuous mode [ 292.343775][ T2458] veth1_vlan: left promiscuous mode [ 292.380902][ T2458] veth0_vlan: left promiscuous mode [ 292.680323][ T9081] netlink: 36 bytes leftover after parsing attributes in process `syz.3.735'. [ 293.087963][ T5151] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 293.197875][ T6171] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 293.258375][ T5106] Bluetooth: hci3: command tx timeout [ 293.311877][ T5151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.372895][ T5151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.401867][ T6171] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.417476][ T5151] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 293.447967][ T6171] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.467660][ T5151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.521670][ T6171] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 293.536437][ T5151] usb 5-1: config 0 descriptor?? [ 293.566911][ T6171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.652534][ T6171] usb 2-1: config 0 descriptor?? [ 293.879680][ T2458] team0 (unregistering): Port device team_slave_1 removed [ 293.984792][ T2458] team0 (unregistering): Port device team_slave_0 removed [ 294.163055][ T6171] hid-led 0003:1D34:000A.000E: unknown main item tag 0x0 [ 295.207316][ T8998] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.220278][ T8998] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.254193][ T8998] bridge_slave_0: entered allmulticast mode [ 295.304471][ T8998] bridge_slave_0: entered promiscuous mode [ 295.335277][ T8998] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.347680][ T8998] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.348314][ T5106] Bluetooth: hci3: command tx timeout [ 295.402853][ T8998] bridge_slave_1: entered allmulticast mode [ 295.569845][ T8998] bridge_slave_1: entered promiscuous mode [ 295.895509][ T8998] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 295.956691][ T8998] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 296.065977][ T5151] usbhid 5-1:0.0: can't add hid device: -71 [ 296.085763][ T5151] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 296.152915][ T6171] hid-led 0003:1D34:000A.000E: probe with driver hid-led failed with error -71 [ 296.178200][ T5151] usb 5-1: USB disconnect, device number 36 [ 296.235476][ T6171] usb 2-1: USB disconnect, device number 24 [ 296.253651][ T8998] team0: Port device team_slave_0 added [ 296.348539][ T8998] team0: Port device team_slave_1 added [ 296.527738][ T8998] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 296.552332][ T8998] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.653755][ T8998] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 296.680427][ T8998] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 296.708192][ T8998] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 296.807995][ T6175] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 296.867327][ T8998] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 296.992313][ T6175] usb 1-1: config 1 interface 0 altsetting 8 endpoint 0x1 has invalid wMaxPacketSize 0 [ 297.032394][ T6175] usb 1-1: config 1 interface 0 altsetting 8 bulk endpoint 0x1 has invalid maxpacket 0 [ 297.094045][ T6175] usb 1-1: config 1 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 297.120916][ T8998] hsr_slave_0: entered promiscuous mode [ 297.143678][ T6175] usb 1-1: config 1 interface 0 has no altsetting 0 [ 297.152095][ T8998] hsr_slave_1: entered promiscuous mode [ 297.179478][ T6175] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 297.216203][ T6175] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.236951][ T6175] usb 1-1: Product: syz [ 297.246317][ T6175] usb 1-1: Manufacturer: syz [ 297.257325][ T6175] usb 1-1: SerialNumber: syz [ 297.267960][ T8998] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 297.292560][ T8998] Cannot create hsr debugfs directory [ 297.417959][ T5106] Bluetooth: hci3: command tx timeout [ 297.976056][ T6181] usb 1-1: USB disconnect, device number 20 [ 298.309971][ T6182] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 298.520147][ T6182] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.547247][ T6182] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.578094][ T6182] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 298.592484][ T6182] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.606309][ T8998] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 298.634778][ T8998] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 298.643536][ T6182] usb 2-1: config 0 descriptor?? [ 298.685424][ T8998] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 298.773870][ T8998] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 299.048741][ T9173] dccp_invalid_packet: P.Data Offset(0) too small [ 299.259565][ T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.447549][ T8998] 8021q: adding VLAN 0 to HW filter on device bond0 [ 299.657321][ T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.890747][ T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.028657][ T5101] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 300.038940][ T5101] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 300.060359][ T5101] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 300.091937][ T5101] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 300.108915][ T5101] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 300.146410][ T5101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 300.181943][ T8998] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.352687][ T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.417414][ T9195] netlink: 'syz.4.764': attribute type 29 has an invalid length. [ 300.441316][ T6175] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.448619][ T6175] bridge0: port 1(bridge_slave_0) entered forwarding state [ 300.494913][ T6175] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.502260][ T6175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 300.570267][ T9196] netlink: 'syz.4.764': attribute type 29 has an invalid length. [ 300.893442][ T6182] usbhid 2-1:0.0: can't add hid device: -71 [ 300.932118][ T6182] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 300.945055][ T9217] fuse: Bad value for 'group_id' [ 300.952760][ T6182] usb 2-1: USB disconnect, device number 25 [ 300.978897][ T11] bridge_slave_1: left allmulticast mode [ 300.993716][ T11] bridge_slave_1: left promiscuous mode [ 300.999324][ T9217] fuse: Bad value for 'group_id' [ 301.006584][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.067057][ T11] bridge_slave_0: left allmulticast mode [ 301.088339][ T11] bridge_slave_0: left promiscuous mode [ 301.126445][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 301.252349][ T9223] FAULT_INJECTION: forcing a failure. [ 301.252349][ T9223] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 301.267953][ T9223] CPU: 1 PID: 9223 Comm: syz.1.769 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 301.277620][ T9223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 301.287703][ T9223] Call Trace: [ 301.291017][ T9223] [ 301.293967][ T9223] dump_stack_lvl+0x241/0x360 [ 301.298673][ T9223] ? __pfx_dump_stack_lvl+0x10/0x10 [ 301.303901][ T9223] ? __pfx__printk+0x10/0x10 [ 301.308524][ T9223] should_fail_ex+0x3b0/0x4e0 [ 301.313219][ T9223] prepare_alloc_pages+0x1da/0x5d0 [ 301.318342][ T9223] __alloc_pages_noprof+0x166/0x6c0 [ 301.323543][ T9223] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 301.329265][ T9223] ? do_splice_direct+0x28c/0x3e0 [ 301.334296][ T9223] ? __se_sys_sendfile64+0x17c/0x1e0 [ 301.339581][ T9223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.345660][ T9223] alloc_pages_bulk_noprof+0x729/0xd40 [ 301.351129][ T9223] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 301.357107][ T9223] ? copy_splice_read+0x18d/0xb60 [ 301.362128][ T9223] ? copy_splice_read+0x18d/0xb60 [ 301.367145][ T9223] ? __kmalloc_noprof+0x217/0x400 [ 301.372164][ T9223] copy_splice_read+0x1c5/0xb60 [ 301.377085][ T9223] ? __pfx_copy_splice_read+0x10/0x10 [ 301.382456][ T9223] ? __raw_spin_lock_init+0x45/0x100 [ 301.387743][ T9223] ? alloc_pipe_info+0x370/0x4d0 [ 301.392684][ T9223] ? __pfx_copy_splice_read+0x10/0x10 [ 301.398060][ T9223] splice_direct_to_actor+0x4b7/0xc90 [ 301.403532][ T9223] ? __pfx_direct_splice_actor+0x10/0x10 [ 301.409161][ T9223] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 301.415052][ T9223] ? __fget_files+0x29/0x470 [ 301.419634][ T9223] ? __pfx_lock_release+0x10/0x10 [ 301.424654][ T9223] do_splice_direct+0x28c/0x3e0 [ 301.429503][ T9223] ? __pfx_do_splice_direct+0x10/0x10 [ 301.434960][ T9223] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 301.440854][ T9223] ? security_file_permission+0x7f/0xa0 [ 301.446396][ T9223] ? rw_verify_area+0x1d2/0x6b0 [ 301.451257][ T9223] do_sendfile+0x56d/0xe20 [ 301.455687][ T9223] ? __pfx_do_sendfile+0x10/0x10 [ 301.460726][ T9223] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 301.466883][ T9223] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 301.473236][ T9223] __se_sys_sendfile64+0x17c/0x1e0 [ 301.478344][ T9223] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 301.483979][ T9223] do_syscall_64+0xf3/0x230 [ 301.488477][ T9223] ? clear_bhb_loop+0x35/0x90 [ 301.493149][ T9223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 301.499041][ T9223] RIP: 0033:0x7f9368375a99 [ 301.503453][ T9223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 301.523062][ T9223] RSP: 002b:00007f936906f048 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 301.531473][ T9223] RAX: ffffffffffffffda RBX: 00007f9368504038 RCX: 00007f9368375a99 [ 301.539452][ T9223] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000006 [ 301.547862][ T9223] RBP: 00007f936906f0a0 R08: 0000000000000000 R09: 0000000000000000 [ 301.555836][ T9223] R10: 0000020000023896 R11: 0000000000000246 R12: 0000000000000001 [ 301.563802][ T9223] R13: 000000000000006e R14: 00007f9368504038 R15: 00007f936862fa78 [ 301.571780][ T9223] [ 301.777952][ T9237] netlink: 4 bytes leftover after parsing attributes in process `syz.4.774'. [ 302.206607][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 302.218462][ T5106] Bluetooth: hci2: command tx timeout [ 302.225819][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 302.246319][ T11] bond0 (unregistering): Released all slaves [ 302.305093][ T9256] IPVS: sync thread started: state = MASTER, mcast_ifn = team_slave_1, syncid = 3, id = 0 [ 302.419026][ T9259] FAULT_INJECTION: forcing a failure. [ 302.419026][ T9259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.448031][ T9259] CPU: 1 PID: 9259 Comm: syz.4.777 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 302.457717][ T9259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 302.467796][ T9259] Call Trace: [ 302.471093][ T9259] [ 302.474052][ T9259] dump_stack_lvl+0x241/0x360 [ 302.478802][ T9259] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.484032][ T9259] ? __pfx__printk+0x10/0x10 [ 302.488665][ T9259] ? snprintf+0xda/0x120 [ 302.492936][ T9259] should_fail_ex+0x3b0/0x4e0 [ 302.497645][ T9259] _copy_to_user+0x2f/0xb0 [ 302.502090][ T9259] simple_read_from_buffer+0xca/0x150 [ 302.507498][ T9259] proc_fail_nth_read+0x1e9/0x250 [ 302.512557][ T9259] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 302.518143][ T9259] ? rw_verify_area+0x520/0x6b0 [ 302.523026][ T9259] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 302.528632][ T9259] vfs_read+0x204/0xbc0 [ 302.532796][ T9259] ? __pfx_lock_release+0x10/0x10 [ 302.537829][ T9259] ? __pfx_vfs_read+0x10/0x10 [ 302.542528][ T9259] ? __fget_files+0x29/0x470 [ 302.547170][ T9259] ? __fget_files+0x3f6/0x470 [ 302.551877][ T9259] ksys_read+0x1a0/0x2c0 [ 302.556218][ T9259] ? __pfx_ksys_read+0x10/0x10 [ 302.561033][ T9259] ? do_syscall_64+0x100/0x230 [ 302.565797][ T9259] ? do_syscall_64+0xb6/0x230 [ 302.570542][ T9259] do_syscall_64+0xf3/0x230 [ 302.575044][ T9259] ? clear_bhb_loop+0x35/0x90 [ 302.579741][ T9259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.585644][ T9259] RIP: 0033:0x7f6cbe17457c [ 302.590072][ T9259] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 302.609693][ T9259] RSP: 002b:00007f6cbef22040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 302.618109][ T9259] RAX: ffffffffffffffda RBX: 00007f6cbe303f60 RCX: 00007f6cbe17457c [ 302.626079][ T9259] RDX: 000000000000000f RSI: 00007f6cbef220b0 RDI: 0000000000000004 [ 302.634044][ T9259] RBP: 00007f6cbef220a0 R08: 0000000000000000 R09: 0000000000000000 [ 302.642007][ T9259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.649970][ T9259] R13: 000000000000000b R14: 00007f6cbe303f60 R15: 00007f6cbe42fa78 [ 302.657974][ T9259] [ 302.852318][ T9193] chnl_net:caif_netlink_parms(): no params data found [ 302.911202][ T8998] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 303.158081][ T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 303.379590][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 303.393181][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 303.404380][ T9] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 303.414520][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.452915][ T9] usb 2-1: config 0 descriptor?? [ 303.458884][ T11] hsr_slave_0: left promiscuous mode [ 303.488394][ T11] hsr_slave_1: left promiscuous mode [ 303.521250][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 303.531219][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 303.565486][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 303.578976][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 303.653551][ T11] veth1_macvtap: left promiscuous mode [ 303.668016][ T11] veth0_macvtap: left promiscuous mode [ 303.688263][ T11] veth1_vlan: left promiscuous mode [ 303.718591][ T11] veth0_vlan: left promiscuous mode [ 304.168243][ T9298] netlink: 60 bytes leftover after parsing attributes in process `syz.3.785'. [ 304.297927][ T5106] Bluetooth: hci2: command tx timeout [ 304.393153][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 304.408167][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 304.456206][ T9] usb 2-1: USB disconnect, device number 26 [ 304.783682][ T9327] FAULT_INJECTION: forcing a failure. [ 304.783682][ T9327] name failslab, interval 1, probability 0, space 0, times 0 [ 304.802773][ T9327] CPU: 0 PID: 9327 Comm: syz.1.793 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 304.812453][ T9327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 304.822627][ T9327] Call Trace: [ 304.825904][ T9327] [ 304.828831][ T9327] dump_stack_lvl+0x241/0x360 [ 304.833503][ T9327] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.838699][ T9327] ? __pfx__printk+0x10/0x10 [ 304.843311][ T9327] ? __alloc_skb+0x28f/0x440 [ 304.847910][ T9327] should_fail_ex+0x3b0/0x4e0 [ 304.852601][ T9327] ? _sctp_make_chunk+0x161/0x460 [ 304.857620][ T9327] should_failslab+0x9/0x20 [ 304.862220][ T9327] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 304.867628][ T9327] _sctp_make_chunk+0x161/0x460 [ 304.872511][ T9327] sctp_make_datafrag_empty+0xa6/0x510 [ 304.878106][ T9327] ? sctp_user_addto_chunk+0xa8/0x220 [ 304.883516][ T9327] sctp_datamsg_from_user+0x740/0xf20 [ 304.888941][ T9327] sctp_sendmsg_to_asoc+0xf7e/0x1800 [ 304.894258][ T9327] ? __pfx_sctp_hash_cmp+0x10/0x10 [ 304.899413][ T9327] ? sctp_epaddr_lookup_transport+0x16e/0x290 [ 304.905508][ T9327] ? sctp_endpoint_lookup_assoc+0x7c/0x250 [ 304.911347][ T9327] ? sctp_epaddr_lookup_transport+0x1f3/0x290 [ 304.917448][ T9327] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 304.923196][ T9327] ? __local_bh_enable_ip+0x168/0x200 [ 304.928575][ T9327] ? sctp_sendmsg+0xbb9/0x3520 [ 304.933451][ T9327] ? sctp_sendmsg_check_sflags+0x181/0x2c0 [ 304.939271][ T9327] sctp_sendmsg+0x1bc3/0x3520 [ 304.943971][ T9327] ? __pfx_sctp_sendmsg+0x10/0x10 [ 304.949005][ T9327] ? __pfx_aa_sk_perm+0x10/0x10 [ 304.953867][ T9327] ? inet_sendmsg+0x330/0x390 [ 304.958652][ T9327] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 304.963947][ T9327] ? security_socket_sendmsg+0x87/0xb0 [ 304.969535][ T9327] __sock_sendmsg+0x1a6/0x270 [ 304.974216][ T9327] __sys_sendto+0x3a4/0x4f0 [ 304.978734][ T9327] ? __pfx___sys_sendto+0x10/0x10 [ 304.983802][ T9327] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 304.989815][ T9327] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 304.996137][ T9327] __x64_sys_sendto+0xde/0x100 [ 305.000906][ T9327] do_syscall_64+0xf3/0x230 [ 305.005503][ T9327] ? clear_bhb_loop+0x35/0x90 [ 305.010293][ T9327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 305.016199][ T9327] RIP: 0033:0x7f9368375a99 [ 305.020606][ T9327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 305.040213][ T9327] RSP: 002b:00007f9369090048 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 305.048665][ T9327] RAX: ffffffffffffffda RBX: 00007f9368503f60 RCX: 00007f9368375a99 [ 305.056636][ T9327] RDX: 0000000000034000 RSI: 0000000020000300 RDI: 0000000000000003 [ 305.064604][ T9327] RBP: 00007f93690900a0 R08: 0000000020000380 R09: 0000000000000010 [ 305.072583][ T9327] R10: f20300000000dcff R11: 0000000000000246 R12: 0000000000000002 [ 305.080549][ T9327] R13: 000000000000000b R14: 00007f9368503f60 R15: 00007f936862fa78 [ 305.088521][ T9327] [ 305.126192][ T11] team0 (unregistering): Port device team_slave_1 removed [ 305.181522][ T11] team0 (unregistering): Port device team_slave_0 removed [ 305.774563][ T9193] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.782293][ T9193] bridge0: port 1(bridge_slave_0) entered disabled state [ 305.789716][ T9193] bridge_slave_0: entered allmulticast mode [ 305.797026][ T9193] bridge_slave_0: entered promiscuous mode [ 305.853483][ T9193] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.883689][ T9193] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.916860][ T9193] bridge_slave_1: entered allmulticast mode [ 305.944926][ T9193] bridge_slave_1: entered promiscuous mode [ 305.964025][ T9349] No such timeout policy "syz0" [ 306.108969][ T9193] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 306.113749][ T8998] veth0_vlan: entered promiscuous mode [ 306.231905][ T9193] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 306.248406][ T5147] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 306.253753][ T8998] veth1_vlan: entered promiscuous mode [ 306.378326][ T5106] Bluetooth: hci2: command tx timeout [ 306.393219][ T9193] team0: Port device team_slave_0 added [ 306.413174][ T9193] team0: Port device team_slave_1 added [ 306.448439][ T5147] usb 2-1: config 0 descriptor has 1 excess byte, ignoring [ 306.472533][ T5147] usb 2-1: config 0 has no interfaces? [ 306.484728][ T5147] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 306.508773][ T9193] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 306.520512][ T9193] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.526938][ T5147] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.549264][ T9193] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 306.572408][ T5147] usb 2-1: Product: syz [ 306.581110][ T5147] usb 2-1: Manufacturer: syz [ 306.591950][ T8998] veth0_macvtap: entered promiscuous mode [ 306.598271][ T5147] usb 2-1: SerialNumber: syz [ 306.605829][ T5147] usb 2-1: config 0 descriptor?? [ 306.622601][ T9193] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 306.638454][ T9193] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 306.670396][ T9193] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 306.688504][ T8998] veth1_macvtap: entered promiscuous mode [ 306.818954][ T9193] hsr_slave_0: entered promiscuous mode [ 306.827017][ T9193] hsr_slave_1: entered promiscuous mode [ 306.851218][ T5147] usb 2-1: USB disconnect, device number 27 [ 306.935139][ T8998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.947813][ T8998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.959385][ T8998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 306.971603][ T8998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 306.990980][ T8998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 307.004066][ T8998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.022535][ T8998] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 307.105988][ T8998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.121004][ T8998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.133156][ T8998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.151016][ T8998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.164826][ T8998] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 307.185284][ T8998] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 307.235419][ T8998] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 307.321226][ T8998] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.333980][ T8998] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.354180][ T8998] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.363786][ T8998] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.912252][ T1107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 307.912278][ T1107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.938291][ T5151] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 308.128254][ T5151] usb 2-1: Using ep0 maxpacket: 16 [ 308.143461][ T5151] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 308.156575][ T5151] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 308.178404][ T5151] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 308.215959][ T5151] usb 2-1: config 0 descriptor?? [ 308.303609][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.336186][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.463409][ T5106] Bluetooth: hci2: command tx timeout [ 308.649432][ T9193] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 308.693512][ T9193] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 308.714152][ T9387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 308.752513][ T9193] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 308.759966][ T9387] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 308.827167][ T5151] hid (null): report_id 3323596431 is invalid [ 308.836440][ T9193] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 308.851464][ T5151] hid (null): unknown global tag 0xe [ 308.870013][ T5151] hid (null): unknown global tag 0x63 [ 308.893189][ T9431] pim6reg1: entered promiscuous mode [ 308.908648][ T9431] pim6reg1: entered allmulticast mode [ 308.911099][ T5151] hid-generic 0003:0158:0100.000F: unknown main item tag 0x1 [ 308.956992][ T5151] hid-generic 0003:0158:0100.000F: unexpected long global item [ 308.998674][ T5151] hid-generic 0003:0158:0100.000F: probe with driver hid-generic failed with error -22 [ 309.058151][ T5151] usb 2-1: USB disconnect, device number 28 [ 309.355588][ T9193] 8021q: adding VLAN 0 to HW filter on device bond0 [ 309.434550][ T9193] 8021q: adding VLAN 0 to HW filter on device team0 [ 309.506988][ T6171] bridge0: port 1(bridge_slave_0) entered blocking state [ 309.514324][ T6171] bridge0: port 1(bridge_slave_0) entered forwarding state [ 309.572250][ T5151] bridge0: port 2(bridge_slave_1) entered blocking state [ 309.579491][ T5151] bridge0: port 2(bridge_slave_1) entered forwarding state [ 309.795339][ T9467] veth1_macvtap: left promiscuous mode [ 309.892012][ T9193] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.046480][ T9193] veth0_vlan: entered promiscuous mode [ 310.065358][ T9193] veth1_vlan: entered promiscuous mode [ 310.161805][ T9193] veth0_macvtap: entered promiscuous mode [ 310.181078][ T9484] pim6reg1: entered promiscuous mode [ 310.186857][ T9484] pim6reg1: entered allmulticast mode [ 310.200834][ T9193] veth1_macvtap: entered promiscuous mode [ 310.339850][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.373422][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.393774][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.415672][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.447058][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.476800][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.496289][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 310.516802][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.543771][ T9193] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 310.595984][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.629410][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.671195][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.718038][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.738513][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.814325][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.837595][ T9193] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 310.869861][ T9193] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 310.892638][ T9193] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 310.942434][ T9193] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 310.984504][ T9193] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.021035][ T9193] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.051434][ T9193] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.403661][ T1116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.429431][ T1116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.441675][ T9549] macvlan1: entered allmulticast mode [ 311.458683][ T9549] veth1_vlan: entered allmulticast mode [ 311.543197][ T9552] team0: Device ipvlan2 failed to register rx_handler [ 311.686386][ T9566] netlink: 191416 bytes leftover after parsing attributes in process `syz.2.863'. [ 311.742292][ T2466] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.799948][ T2466] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 312.010653][ T9578] netlink: 44 bytes leftover after parsing attributes in process `syz.1.867'. [ 312.103020][ T9578] netlink: 20 bytes leftover after parsing attributes in process `syz.1.867'. [ 312.161795][ T9588] netlink: 76 bytes leftover after parsing attributes in process `syz.4.870'. [ 312.283780][ T9590] ptrace attach of ""[9595] was attempted by "./syz-executor exec"[9590] [ 312.325187][ T9588] Κό: entered promiscuous mode [ 312.683767][ T9614] team0: Device ipvlan2 failed to register rx_handler [ 312.768271][ T9616] netlink: 8 bytes leftover after parsing attributes in process `syz.4.877'. [ 312.784325][ T9616] bond0: option primary: mode dependency failed, not supported in mode balance-rr(0) [ 312.960119][ T9622] 8021q: adding VLAN 0 to HW filter on device ipvlan2 [ 313.743236][ T9647] team0: Device ipvlan3 failed to register rx_handler [ 313.767536][ T29] kauditd_printk_skb: 7 callbacks suppressed [ 313.767554][ T29] audit: type=1326 audit(1721258136.196:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9621 comm="syz.4.880" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbe175a99 code=0x0 [ 313.876354][ T9649] vivid-004: disconnect [ 314.037542][ T9621] vivid-004: reconnect [ 314.573476][ T9665] netlink: 'syz.1.896': attribute type 10 has an invalid length. [ 314.651197][ T9665] batman_adv: batadv0: Adding interface: team0 [ 314.659442][ T9665] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 314.685756][ T9665] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 314.757627][ T9666] netlink: 'syz.1.896': attribute type 10 has an invalid length. [ 314.766003][ T9666] netlink: 2 bytes leftover after parsing attributes in process `syz.1.896'. [ 314.776072][ T9666] team0: entered promiscuous mode [ 314.782408][ T9666] team_slave_0: entered promiscuous mode [ 314.790861][ T9666] team_slave_1: entered promiscuous mode [ 314.813720][ T9666] 8021q: adding VLAN 0 to HW filter on device team0 [ 314.821874][ T9666] batman_adv: batadv0: Interface activated: team0 [ 314.830275][ T9666] batman_adv: batadv0: Interface deactivated: team0 [ 314.837994][ T9666] batman_adv: batadv0: Removing interface: team0 [ 314.871629][ T9666] bridge0: port 3(team0) entered blocking state [ 314.878222][ T9666] bridge0: port 3(team0) entered disabled state [ 314.884819][ T9666] team0: entered allmulticast mode [ 314.890206][ T9666] team_slave_0: entered allmulticast mode [ 314.896807][ T9666] team_slave_1: entered allmulticast mode [ 314.979910][ T9666] team0: left allmulticast mode [ 314.984941][ T9666] team_slave_0: left allmulticast mode [ 314.991764][ T9666] team_slave_1: left allmulticast mode [ 315.270523][ T9680] team0: Device ipvlan2 failed to register rx_handler [ 316.448548][ T9709] vlan2: entered promiscuous mode [ 316.466739][ T9709] bridge0: port 3(vlan2) entered blocking state [ 316.488104][ T9709] bridge0: port 3(vlan2) entered disabled state [ 316.530313][ T9709] vlan2: entered allmulticast mode [ 316.562237][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 316.786725][ T9715] team0: Device ipvlan3 is VLAN challenged and team device has VLAN set up [ 316.981388][ T29] audit: type=1326 audit(1721258139.416:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9704 comm="syz.4.910" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cbe175a99 code=0x0 [ 317.102964][ T9729] vivid-004: disconnect [ 317.391317][ T9704] vivid-004: reconnect [ 317.510110][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.519740][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.968124][ T9752] netlink: 16 bytes leftover after parsing attributes in process `syz.3.927'. [ 318.547926][ T5106] Bluetooth: hci3: unexpected subevent 0x01 length: 30 > 18 [ 318.983919][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 319.346444][ T9789] netlink: zone id is out of range [ 319.375274][ T9789] netlink: zone id is out of range [ 319.401932][ T9789] netlink: zone id is out of range [ 319.434148][ T9789] netlink: zone id is out of range [ 319.444409][ T9789] netlink: zone id is out of range [ 319.461428][ T9789] netlink: zone id is out of range [ 319.481633][ T9789] netlink: zone id is out of range [ 319.499305][ T9789] netlink: zone id is out of range [ 319.911934][ T5106] Bluetooth: hci3: unexpected cc 0x202f length: 1 < 9 [ 320.000471][ T9810] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 320.514545][ T9836] netlink: 40 bytes leftover after parsing attributes in process `syz.0.953'. [ 320.656423][ T9838] hsr0: entered promiscuous mode [ 320.666756][ T9837] hsr0: left promiscuous mode [ 320.776246][ T9840] netlink: 'syz.0.955': attribute type 18 has an invalid length. [ 321.062429][ T9846] netlink: 72 bytes leftover after parsing attributes in process `syz.0.959'. [ 321.519414][ T9866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.965'. [ 321.571388][ T9866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.965'. [ 321.599460][ T9866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.965'. [ 322.279099][ T9879] vlan2: entered promiscuous mode [ 322.284182][ T9879] dummy0: entered promiscuous mode [ 322.308069][ T9879] vlan2: entered allmulticast mode [ 322.313242][ T9879] dummy0: entered allmulticast mode [ 322.747510][ T9900] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.757138][ T9900] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.795849][ T9900] bridge0: entered allmulticast mode [ 322.837808][ T9904] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.845119][ T9904] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.853009][ T9904] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.860259][ T9904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.886681][ T9904] bridge0: entered promiscuous mode [ 323.978088][ T5106] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 323.987983][ T5106] Bluetooth: hci3: Injecting HCI hardware error event [ 323.996847][ T5106] Bluetooth: hci3: hardware error 0x00 [ 325.786864][ T9999] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1022'. [ 326.004922][T10003] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1021'. [ 326.135472][T10010] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0 [ 326.149910][ T5106] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 326.176469][T10003] bond0: entered promiscuous mode [ 326.208413][ T5106] Bluetooth: hci1: ACL packet for unknown connection handle 203 [ 326.216628][ T5106] Bluetooth: hci1: Malformed Event: 0x02 [ 326.222647][ T6177] IPVS: starting estimator thread 0... [ 326.264829][T10006] veth3: entered promiscuous mode [ 326.272468][T10006] bond0: (slave veth3): Enslaving as an active interface with an up link [ 326.308177][T10017] IPVS: using max 33 ests per chain, 79200 per kthread [ 326.381729][T10019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1029'. [ 327.607971][ T6175] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 327.696841][T10069] pim6reg: entered allmulticast mode [ 327.750145][ T5106] Bluetooth: hci4: ACL packet for unknown connection handle 203 [ 327.759245][ T5106] Bluetooth: hci4: Malformed Event: 0x02 [ 327.851884][ T6175] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 327.869168][ T6175] usb 4-1: config 0 has no interfaces? [ 327.875518][ T6175] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 327.888276][ T6175] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.899993][ T6175] usb 4-1: config 0 descriptor?? [ 328.942485][ T6171] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 329.140457][ T6171] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 329.166299][ T6171] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 329.186938][ T6171] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 329.206818][ T6171] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 329.215291][ T6171] usb 1-1: SerialNumber: syz [ 329.463802][ T6171] usb 1-1: 0:2 : does not exist [ 329.486322][ T6171] usb 1-1: unit 5: unexpected type 0x09 [ 329.531314][ T6171] usb 1-1: USB disconnect, device number 21 [ 329.719965][ T1107] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 329.816049][ T5095] udevd[5095]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 329.955956][ T1107] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.165482][ T1107] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.325570][ T1107] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.677444][T10108] futex_wake_op: syz.0.1065 tries to shift op by -1; fix this program [ 330.678917][ T1107] bridge_slave_1: left allmulticast mode [ 330.713535][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 330.727193][ T5101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 330.745469][ T5101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 330.754501][ T5101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 330.762147][ T1107] bridge_slave_1: left promiscuous mode [ 330.769935][ T5101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 330.777216][ T1107] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.785589][ T5101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 330.870272][ T1107] bridge_slave_0: left allmulticast mode [ 330.875971][ T1107] bridge_slave_0: left promiscuous mode [ 330.884104][ T1107] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.915945][T10112] capability: warning: `syz.0.1066' uses 32-bit capabilities (legacy support in use) [ 331.359302][ T6171] usb 4-1: USB disconnect, device number 26 [ 331.898325][ T1107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 331.909882][ T1107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 331.921848][ T1107] bond0 (unregistering): Released all slaves [ 332.529781][ T6171] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 332.722724][ T6171] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 332.727451][T10166] syzkaller0: entered promiscuous mode [ 332.743653][ T6171] usb 2-1: config 0 has no interfaces? [ 332.759675][ T6171] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 332.775351][ T6171] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.793015][T10166] syzkaller0: entered allmulticast mode [ 332.801465][ T6171] usb 2-1: config 0 descriptor?? [ 332.858841][ T5106] Bluetooth: hci3: command tx timeout [ 334.574661][ T1107] hsr_slave_0: left promiscuous mode [ 334.583291][ T1107] hsr_slave_1: left promiscuous mode [ 334.601597][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 334.622461][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 334.636539][ T1107] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 334.656385][ T1107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 334.706910][ T1107] veth1_macvtap: left promiscuous mode [ 334.712777][ T1107] veth0_macvtap: left promiscuous mode [ 334.719974][ T1107] veth1_vlan: left promiscuous mode [ 334.725662][ T1107] veth0_vlan: left promiscuous mode [ 334.938099][ T5106] Bluetooth: hci3: command tx timeout [ 334.938181][ T4497] Bluetooth: hci4: command 0x0406 tx timeout [ 335.378234][ T1107] team0 (unregistering): Port device team_slave_1 removed [ 335.415535][ T1107] team0 (unregistering): Port device team_slave_0 removed [ 335.857151][T10194] syzkaller0: entered promiscuous mode [ 335.863065][T10194] syzkaller0: entered allmulticast mode [ 335.872407][T10200] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 335.949301][ T6182] usb 2-1: USB disconnect, device number 29 [ 337.020769][ T5101] Bluetooth: hci3: command tx timeout [ 338.170348][T10111] chnl_net:caif_netlink_parms(): no params data found [ 338.634943][T10111] bridge0: port 1(bridge_slave_0) entered blocking state [ 338.658046][ T6182] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 338.658815][T10111] bridge0: port 1(bridge_slave_0) entered disabled state [ 338.710578][T10111] bridge_slave_0: entered allmulticast mode [ 338.749321][T10111] bridge_slave_0: entered promiscuous mode [ 338.799059][T10111] bridge0: port 2(bridge_slave_1) entered blocking state [ 338.820336][T10111] bridge0: port 2(bridge_slave_1) entered disabled state [ 338.830928][T10111] bridge_slave_1: entered allmulticast mode [ 338.840329][T10111] bridge_slave_1: entered promiscuous mode [ 338.868142][ T6182] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 338.903572][ T6182] usb 4-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 338.933276][ T6182] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.974880][ T6182] usb 4-1: config 0 descriptor?? [ 338.998978][ T6182] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 339.000451][T10111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 339.069323][T10111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 339.099272][ T5101] Bluetooth: hci3: command tx timeout [ 339.230158][ T6182] usb 4-1: USB disconnect, device number 27 [ 339.286088][T10111] team0: Port device team_slave_0 added [ 339.306812][T10111] team0: Port device team_slave_1 added [ 339.384664][T10111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 339.394464][T10111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.420769][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.430432][T10111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 339.475162][T10111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 339.483075][T10111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 339.509047][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.515833][T10111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 339.692586][T10111] hsr_slave_0: entered promiscuous mode [ 339.723587][T10111] hsr_slave_1: entered promiscuous mode [ 339.734826][T10111] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 339.772663][T10111] Cannot create hsr debugfs directory [ 340.114137][ T5101] Bluetooth: hci2: SCO packet for unknown connection handle 3 [ 340.257657][T10326] ------------[ cut here ]------------ [ 340.271653][T10326] WARNING: CPU: 0 PID: 10326 at mm/page_alloc.c:4659 __alloc_pages_noprof+0x36a/0x6c0 [ 340.281606][T10326] Modules linked in: [ 340.285527][T10326] CPU: 0 PID: 10326 Comm: syz.1.1123 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 340.295829][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 340.306365][T10326] RIP: 0010:__alloc_pages_noprof+0x36a/0x6c0 [ 340.312818][T10326] Code: a9 00 00 08 00 0f 85 12 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 44 0f 45 e9 e9 02 01 00 00 c6 05 7d f2 a8 0d 01 90 <0f> 0b 90 83 fb 0a 0f 86 6c fd ff ff 45 31 ed 48 c7 44 24 20 0e 36 [ 340.333023][T10326] RSP: 0018:ffffc90005027880 EFLAGS: 00010246 [ 340.339541][T10326] RAX: 0000000000000000 RBX: 000000000000000b RCX: 0000000000000000 [ 340.347538][T10326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90005027908 [ 340.356581][T10326] RBP: ffffc90005027998 R08: ffffc90005027907 R09: 0000000000000000 [ 340.365577][T10326] R10: ffffc900050278e0 R11: fffff52000a04f21 R12: 1ffff92000a04f18 [ 340.374003][T10326] R13: 0000000000040dc0 R14: dffffc0000000000 R15: 1ffff92000a04f14 [ 340.382560][T10326] FS: 00007f93690906c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 [ 340.391891][T10326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 340.398689][T10326] CR2: 00000000203d0000 CR3: 000000005c5f8000 CR4: 00000000003526f0 [ 340.406688][T10326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 340.414841][T10326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 340.422917][T10326] Call Trace: [ 340.426219][T10326] [ 340.429231][T10326] ? __warn+0x163/0x4e0 [ 340.433413][T10326] ? __alloc_pages_noprof+0x36a/0x6c0 [ 340.438947][T10326] ? report_bug+0x2b3/0x500 [ 340.443484][T10326] ? __alloc_pages_noprof+0x36a/0x6c0 [ 340.449506][T10326] ? handle_bug+0x3e/0x70 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 340.454542][T10326] ? exc_invalid_op+0x1a/0x50 [ 340.459994][T10326] ? asm_exc_invalid_op+0x1a/0x20 [ 340.465060][T10326] ? __alloc_pages_noprof+0x36a/0x6c0 [ 340.470610][T10326] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 340.476356][T10326] ? irqentry_exit+0x63/0x90 [ 340.481044][T10326] __kmalloc_large_node+0x8b/0x1d0 [ 340.486192][T10326] ? drm_mode_create_lease_ioctl+0x580/0x1dc0 [ 340.493853][T10326] __kmalloc_noprof+0x2aa/0x400 [ 340.498980][T10326] ? _copy_from_user+0xa6/0xe0 [ 340.503787][T10326] drm_mode_create_lease_ioctl+0x580/0x1dc0 [ 340.509780][T10326] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 340.516245][T10326] ? do_raw_spin_unlock+0x13c/0x8b0 [ 340.521536][T10326] ? _raw_spin_unlock+0x28/0x50 [ 340.526411][T10326] drm_ioctl_kernel+0x33a/0x440 [ 340.531365][T10326] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 340.537726][T10326] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 340.543548][T10326] ? __might_fault+0xc6/0x120 [ 340.548326][T10326] drm_ioctl+0x611/0xad0 [ 340.552597][T10326] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 340.559654][T10326] ? __pfx_drm_ioctl+0x10/0x10 [ 340.564478][T10326] ? bpf_lsm_file_ioctl+0x9/0x10 [ 340.570085][T10326] ? security_file_ioctl+0x87/0xb0 [ 340.575853][T10326] ? __pfx_drm_ioctl+0x10/0x10 [ 340.580721][T10326] __se_sys_ioctl+0xfc/0x170 [ 340.585350][T10326] do_syscall_64+0xf3/0x230 [ 340.589979][T10326] ? clear_bhb_loop+0x35/0x90 [ 340.594680][T10326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.600655][T10326] RIP: 0033:0x7f9368375a99 [ 340.605095][T10326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.624971][T10326] RSP: 002b:00007f9369090048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 340.633499][T10326] RAX: ffffffffffffffda RBX: 00007f9368503f60 RCX: 00007f9368375a99 [ 340.641543][T10326] RDX: 0000000020000040 RSI: 00000000c01864c6 RDI: 0000000000000003 [ 340.649600][T10326] RBP: 00007f93683e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 340.658303][T10326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 340.666301][T10326] R13: 000000000000000b R14: 00007f9368503f60 R15: 00007f936862fa78 [ 340.675053][T10326] [ 340.678220][T10326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 340.685518][T10326] CPU: 0 PID: 10326 Comm: syz.1.1123 Not tainted 6.10.0-syzkaller-04472-g51835949dda3 #0 [ 340.695346][T10326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 340.705422][T10326] Call Trace: [ 340.708702][T10326] [ 340.711633][T10326] dump_stack_lvl+0x241/0x360 [ 340.716316][T10326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.721507][T10326] ? __pfx__printk+0x10/0x10 [ 340.726095][T10326] ? vscnprintf+0x5d/0x90 [ 340.730419][T10326] panic+0x349/0x860 [ 340.734305][T10326] ? __warn+0x172/0x4e0 [ 340.738458][T10326] ? __pfx_panic+0x10/0x10 [ 340.742880][T10326] __warn+0x346/0x4e0 [ 340.746857][T10326] ? __alloc_pages_noprof+0x36a/0x6c0 [ 340.752224][T10326] report_bug+0x2b3/0x500 [ 340.756550][T10326] ? __alloc_pages_noprof+0x36a/0x6c0 [ 340.761917][T10326] handle_bug+0x3e/0x70 [ 340.766068][T10326] exc_invalid_op+0x1a/0x50 [ 340.770566][T10326] asm_exc_invalid_op+0x1a/0x20 [ 340.775440][T10326] RIP: 0010:__alloc_pages_noprof+0x36a/0x6c0 [ 340.781414][T10326] Code: a9 00 00 08 00 0f 85 12 01 00 00 44 89 e9 81 e1 7f ff ff ff a9 00 00 04 00 44 0f 45 e9 e9 02 01 00 00 c6 05 7d f2 a8 0d 01 90 <0f> 0b 90 83 fb 0a 0f 86 6c fd ff ff 45 31 ed 48 c7 44 24 20 0e 36 [ 340.801015][T10326] RSP: 0018:ffffc90005027880 EFLAGS: 00010246 [ 340.807077][T10326] RAX: 0000000000000000 RBX: 000000000000000b RCX: 0000000000000000 [ 340.815088][T10326] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90005027908 [ 340.823060][T10326] RBP: ffffc90005027998 R08: ffffc90005027907 R09: 0000000000000000 [ 340.831018][T10326] R10: ffffc900050278e0 R11: fffff52000a04f21 R12: 1ffff92000a04f18 [ 340.838995][T10326] R13: 0000000000040dc0 R14: dffffc0000000000 R15: 1ffff92000a04f14 [ 340.846973][T10326] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 340.852688][T10326] ? irqentry_exit+0x63/0x90 [ 340.857279][T10326] __kmalloc_large_node+0x8b/0x1d0 [ 340.862390][T10326] ? drm_mode_create_lease_ioctl+0x580/0x1dc0 [ 340.868457][T10326] __kmalloc_noprof+0x2aa/0x400 [ 340.873298][T10326] ? _copy_from_user+0xa6/0xe0 [ 340.878061][T10326] drm_mode_create_lease_ioctl+0x580/0x1dc0 [ 340.883957][T10326] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 340.890294][T10326] ? do_raw_spin_unlock+0x13c/0x8b0 [ 340.895488][T10326] ? _raw_spin_unlock+0x28/0x50 [ 340.900351][T10326] drm_ioctl_kernel+0x33a/0x440 [ 340.905311][T10326] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 340.911646][T10326] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 340.917017][T10326] ? __might_fault+0xc6/0x120 [ 340.921692][T10326] drm_ioctl+0x611/0xad0 [ 340.925928][T10326] ? __pfx_drm_mode_create_lease_ioctl+0x10/0x10 [ 340.932255][T10326] ? __pfx_drm_ioctl+0x10/0x10 [ 340.937024][T10326] ? bpf_lsm_file_ioctl+0x9/0x10 [ 340.941954][T10326] ? security_file_ioctl+0x87/0xb0 [ 340.947055][T10326] ? __pfx_drm_ioctl+0x10/0x10 [ 340.951813][T10326] __se_sys_ioctl+0xfc/0x170 [ 340.956398][T10326] do_syscall_64+0xf3/0x230 [ 340.960895][T10326] ? clear_bhb_loop+0x35/0x90 [ 340.965571][T10326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 340.971465][T10326] RIP: 0033:0x7f9368375a99 [ 340.975958][T10326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 340.995558][T10326] RSP: 002b:00007f9369090048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 341.003968][T10326] RAX: ffffffffffffffda RBX: 00007f9368503f60 RCX: 00007f9368375a99 [ 341.011930][T10326] RDX: 0000000020000040 RSI: 00000000c01864c6 RDI: 0000000000000003 [ 341.019890][T10326] RBP: 00007f93683e4e5d R08: 0000000000000000 R09: 0000000000000000 [ 341.027848][T10326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.035807][T10326] R13: 000000000000000b R14: 00007f9368503f60 R15: 00007f936862fa78 [ 341.043821][T10326] [ 341.046951][T10326] Kernel Offset: disabled [ 341.051300][T10326] Rebooting in 86400 seconds..